Microsoft to patch Windows 8, but stays mum on IE zero-day fix

Revokes pilfered digital certificates today

By , Computerworld

Tuesday's security updates will not fix the IE vulnerability, but will address a dozen different bugs. Two of the seven updates will be graded "critical," Microsoft's most-serious threat assessment, while the remainder will be tagged as "important," the next-most-dire.

Bulletin 2, as Microsoft identified it today, piqued Storms' curiosity.

"By far, it's the most interesting because it's not just through the OS stack, but also applies to Office and developer tools and SharePoint," said Storms. "It's likely something core to Microsoft, like GDI [graphics device interface] or XML, to affect so many different products."

According to Microsoft, Bulletin 2 -- one of the two pegged critical -- applies to all supported versions of Windows, from the 11-year-old XP to 2012's Windows 8 and Windows RT, from Server 2008 to Server 2012. It will also affect Office 2003 through Office 2007 on Windows; Expression Web, part of the Expression Studio web development suite; and SharePoint Server 2007, Groove Server 2007 and System Center Operations Manager 2007.

Other security professionals, including Wolfgang Kandek, CTO of Qualys, and Paul Henry of Lumension, also put the spotlight on Bulletin 2.

Storms characterized the rest of Tuesday's bulletins as "not all that interesting," but some disagreed.

"Bulletin 5 may end up being the most significant, as it targets Vista SP 2, Server 2008 and Windows 7," said Alex Horan, senior product manager with CORE Security, in an email. "This has the potential for the most long-term issue, as it represents an extremely large base of potential targets if it is not rectified properly."

Microsoft rated Bulletin 5 as important. As Horan noted, it will not apply to Windows XP, but will apply to Windows 8 and Windows RT, both released two months ago. According to Web metrics company Net Applications, Vista, Windows 7 and Windows 8 collectively power about 57% of all Windows PCs.

Also today, Microsoft told customers it was revoking two digital certificates fraudulently acquired by cyber criminals from a subsidiary of TurkTrust, a Turkish CA that has ties to that country's military.


Originally published on Computerworld.