December Patch Tuesday: 'Christmas Present For The Bad Guys'

By Ken Presti
December 06, 2012 5:10 PM ET

Page 1 of 2

Microsoft's Patch Tuesday software updates will require system reboots just as IT administrators and channel partners are the most nervous about anything that might potentially cause service interruptions.

Furthermore, many of the current vulnerabilities expose the full history of Windows operating systems, leading Alex Horan, senior product manager at CORE Security, to describe this Patch Tuesday as a "Christmas present for the bad guys."

"Cybercriminals are very happy when they can launch one attack across multiple OSes," he said. "This Patch Tuesday has vulnerabilities that are repeated across the entire Microsoft family and affects the core of the OS. So the bad guys can write one exploit and basically attack every Windows machine out there. To write one piece of code and have it work against everything is just Nirvana."

Among the seven bulletins in this month's list, five are marked as critical, as a result of the risk of remote code execution.

Bulletin 4 arguably dominates the pack this month. It involves a critical vulnerability for remote code execution in Exchange 2007 SP3 and 2010 SP1 and 2.

"Both of those systems, by design, face the Internet," said Horan. "They have to in order to accept email. So the attacker no longer has to be in the network or run code on Windows machines. They just have to send an email or connect to the port where you receive email. Restarting the Exchange Server needs to be done at a time when it's not going to impact business, so this one could be somewhat troublesome."

The mission-critical nature of Microsoft Exchange is especially emphasized during the holiday season.

"I think it's fair to say that anybody running Windows is going to need to patch and reboot next week," said Andrew Storms, director of security operations at nCircle. "Every SKU of Windows is affected here in one manner or another. And we're in a time of the year when a lot of people aren't going to want to reboot. They want to focus on sales, and they can't afford any downtime with holiday shopping, so it's tempting to put these on hold and wait until January."

But Storms added that once the specifics of the vulnerability are announced on Tuesday, hackers will immediately be on the lookout for vulnerable pieces of code. "You have to determine the risk for yourself and for your company, and it could be that the mitigation can be executed without much downtime or interruption," he added.

NEXT: A Busy Patch Tuesday

1 | 2 | Next >>

To continue reading this article, please download the free CRN Tech News app for your iPad or Windows 8 device.

Related: Videos | Slide Shows | Comments

SHARE THIS ARTICLE

More Security

Comments by Vanilla

Recent Articles

	Tech 10: Hot Antivirus Alternatives For 2013 CRN identifies 10 vendors that have developed innovative ways to detect malware and analyze threats to better protect corporate networks. They take a giant step beyond traditional signature technologies.
	10 Emerging Security Technologies Gaining Interest, Adoption Despite some security defenses being only in their infancy, they are attracting interest for addressing BYOD issues, cloud security concerns and stolen account credentials. Here's a look at some of the top new security areas gaining industry interest.
	5 Government Intelligence Facilities You've Never Heard Of One facility has been around since the dawn of space exploration, while other buildings are still in construction. But, they all have serious data analysis and surveillance support activities associated with them.
	More Slide Shows