Microsoft Issues A Long List Of Fixes For Patch Tuesday

By Ken Presti
August 14, 2012 6:27 PM ET

Page 2 of 2

Microsoft is also issuing two patches for Internet Explorer. The company has begun issuing IE patches on a more frequent basis, and this one marks the third such bug fix in as many months.

"Keep in mind that there are two bulletins that you need to apply if you're using Explorer 8," said VMware's Miller. "You'll need both 52 and 56, and the vulnerability is not going to be fixed unless you put both patches into the system. It is a remote code execution, so you want to get this resolved as soon as possible." Miller added that this vulnerability also has Java implications, which is why the response comes in the form of two separate patches.

There is also a new patch to supplement last month's bug fix to support XML Core services. "When they patched it last month, they did versions 3, 4 and 6 of XML Core Services," said Miller. "Version 5 did not get patched last time, but here is the patch now. So, administrators need to keep this one from slipping under the radar."

One final Microsoft item is worthy of note, according to Lumension Security's Henry. "Three months ago, they made an announcement saying they're going to start limiting encryption to 1,024 bit or higher," he said. "Now they've released a voluntary patch to test what is going to break when the patch becomes a mandatory patch. If you are a software provider and you've sold software in other countries using 256-bit encryption to avoid the need for an export permit, this patch is going to cause problems. So, I think software vendors are going to be scrambling for export permits, which are often required when 1,024-bit encryption is sold internationally. This might not get a lot of attention right now, but it will very likely have far-reaching impacts."

In concert with the Redmond, Wash.-based software company's patch releases, Adobe and Oracle are also issuing patches of their own. Adobe is patching Acrobat, Acrobat Reader and Shockwave, although Miller expects there will also be a forthcoming patch to support Flash Player. "The Flash Player vulnerabilities are already attracting attacks, so you'll want to attend to this one pretty quickly," he said.

PUBLISHED AUG. 14, 2012

<< Previous | 1 | 2

To continue reading this article, please download the free CRN Tech News app for your iPad or Windows 8 device.

Related: Videos | Slide Shows | Comments

SHARE THIS ARTICLE

More Security

Comments by Vanilla

Recent Articles

	Head-To-Head: Symantec Vs. McAfee In Endpoint Protection McAfee and Symantec are archrivals with a firm grip on the North American security market. CRN pits both vendors' endpoint security products against each other and names a winner.
	The 8 Steps Behind The Massive $45M Cyber Bank Heist More than $45 million was stolen from banks in the U.S. and 19 other countries in a scheme that law enforcement is calling an international conspiracy to drain millions from bank accounts using stolen debit cards and PIN numbers. Here's how they did it.
	Name Of The Game: Top 10 States For Identity Theft A Federal Trade Commission report provides statistics on identity theft and fraud complaints in 2012. Learn which state has the dubious distinction of having the most victims.
	More Slide Shows