Microsoft monthly patches touch Exchange, Windows, Explorer

For February's Patch Tuesday, Microsoft addresses 57 vulnerabilities in 12 security updates
  • Joab Jackson (IDG News Service)
  • — 12 February, 2013 20:05

System administrators overseeing Microsoft Exchange deployments should take a close look at Microsoft's latest round of security patches. In addition to covering Windows and Internet Explorer, Microsoft's latest monthly batch of patches covers the widely used Exchange Server, both the Exchange Server 2007 and Exchange Server 2010 editions.

"Microsoft delivered a monster sized patch this month ... It's enough to make your head spin," wrote Andrew Storms, director of security operations for security firm nCircle, in an email.

Overall, Microsoft has issued 12 security updates, covering 57 vulnerabilities, one of the largest sets of security updates the company has ever released.

Microsoft tagged five of the 12 updates as critical, and labelled the remaining seven as important.

NCircle advises that organizations apply the two critical Internet Explorer patches first. "Both of these remote execution bugs are serious security risks, so patch all of them and patch them fast," Storms wrote. The two critical patches cover versions 6 through 10 of the browser.

Windows, specifically Windows XP Service Pack 3 (SP3) and Windows Vista, has two critical updates, and Microsoft Exchange is the focus of the fifth critical update.

While Windows and Explorer are updated pretty much every month, the appearance of an Exchange vulnerability is somewhat more rare. Microsoft bulletin MS13-012 explains the Exchange vulnerability. Attackers could compromise a deployment of Microsoft Exchange by having a user of Outlook Web Access click on a maliciously crafted attachment. The vulnerability actually stems from a library supplied by Oracle, called Oracle Outside In, that converts files in various formats so they can be viewed in the browser. Clicking on the attachment could trigger embedded code to execute on the server.

Microsoft routinely releases security patches for its software on the second Tuesday of each month. The predictability of patch Tuesday, as it is often called, allows administrators to set aside time to update their systems. As with any updates to critical IT systems, administrators are encouraged to apply the updates in a test environment to check for unanticipated interactions with hardware or other software. All of the updates in this month's batch may require restarting the system.

The security updates will be available at the Microsoft Download Center, through WSUS (Windows Server Update Services), and, for consumers, through the Windows Update process.

Joab Jackson covers enterprise software and general technology breaking news for The IDG News Service. Follow Joab on Twitter at @Joab_Jackson. Joab's e-mail address is Joab_Jackson@idg.com

Tags: patches, security, Microsoft, patch management

Flight MH370 includes 12 Malaysian Freescale staff, and KL-based IBM executive

READ THIS ARTICLE
DO NOT SHOW THIS BOX AGAIN [ x ]
Comments are now closed.
CSO Corporate Partners
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

Security Solutions-GigaVUE-2404

Newgen provides innovative network monitoring and security solutions based upon Gigamon’s GigaVUE-2404

Latest Jobs
Security Awareness Tip

Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).


  1. Have an incident response plan.

  2. Pre-define your incident response team 

  3. Define your approach: watch and learn or contain and recover.

  4. Pre-distribute call cards.

  5. Forensic and incident response data capture.

  6. Get your users on-side.

  7. Know how to report crimes and engage law enforcement. 

  8. Practice makes perfect.

For the full breakdown on this article

Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.