Printing-ink veterans don't take cyberspace journalists too seriously - Roy Greenslade, Guardian Online
SOFTWARE PATCH FACTORY Microsoft has issued more details on its first Patch Tuesday updates of the year, which include two critical fixes.
The firm announced the new patches would be made available last week and has now issued more information on what the fixes cover as they are released.
Microsoft has rolled out two critical patches for the month. One will fix a remote code execution exploit in print servers, while the other will correct a remote code execution exploit for Microsoft's XML Core Services.
The two critical patches are expected to receive the most attention for the month. However, Core Security senior product manager Alex Horan believes that a bulletin Microsoft earmarked as "important" could have the most lasting effects of the bunch.
Bulletin 5 covers an elevation of privilege exploit that could allow an attacker to run specifically created applications on affected machines. Horan says the patch is important because the exploit has the potential to affect a large number of users.
"Bulletin 5 may end up being the most significant as it targets Vista Service Pack 2, Server 2008 and Windows 7," said Horan.
"This has the potential for the most long-term issues as it represents an extremely large base of potential targets if it is not rectified properly."
January's patches bring two critical remote code execution patches to IT administrators, and this month's Patch Tuesday also features one non-critical update that analysts say can pay dividends for future protection.
"We encourage customers to start 2013 on a secure foot by applying these security updates to help ensure protection in the New Year," said Microsoft Trustworthy Computing group manager Dustin Childs.
"Customers who have automatic updates enabled will receive these protections automatically and do not need to take action."
All of the patches are part of Microsoft's monthly Patch Tuesday event. This month's offerings come following December's Patch Tuesday, which featured a raft of critical updates. µ
Sign up for INQbot – a weekly roundup of the best from the INQ