Qualys Blog

www.qualys.com
wkandek

December 2012 Patch Tuesday Preview

Today Microsoft announced seven bulletins that will be released in next week’s Patch Tuesday. Five of the bulletins are rated critical, and two are important. Between them they affect all currently supported Operating Systems, including Windows 8 and Windows RT.

Bulletin 1 is rated critical and affects Internet Explorer 9 and 10 on all platforms that support IE 9 and IE10, starting at Vista all the way to Windows 8 and RT. Bulletin 2, which is rated critical as well, applies to all versions of Windows and again includes both Windows 8 and Windows RT.

Bulletin 3 is special, as it affects Microsoft Word and is rated critical, which happens very rarely. Usually Microsoft downgrades even Remote Code Execution Office vulnerabilities to "Important," because a user interaction (e.g., opening a malicious file) is required. In this case we assume the "critical" rating comes from Outlook, which can be configured to use Word to visualize documents in its preview pane. This is an automatic mechanism that does not require user interaction. In any case, this is will be an important bulletin to watch out for.

Bulletin 4 is a critical fix for a number of Microsoft server software products. It includes the widely installed Exchange and Sharepoint, plus an update for Microsoft Office Web Apps 2010 Service Pack 1. Office Web Apps are the webified version of Word, Excel, etc., and we expect them to have lesser impact on IT, as the applications have fewer installations. In any case, Server Administrators need to take a good look at this bulletin to see if they need to take action.

All in all, we are looking at a normal-sized Patch Tuesday with a mix of browser, operating system and Office updates that will keep all areas of IT administration quite busy through the end of the year. For many Windows RT users, it will be the first time for a software update, and it will be interesting to see how they react and what the uptake of the patches will be.

Leave a Reply