Microsoft's Patch Tuesday for March 12 will involve six bulletins, only one of which is rated "critical."
Patch Tuesday for March 13 is a relatively light one, consisting of six bulletins, only
one of them rated critical.
The other bulletins are rated important, with one deemed moderate. Software affected
by the critical bulletin includes all versions of Windows from XP onward, as
well as Windows Server 2003, Windows Server 2008 and Windows Server 2008 R2.
Two of the important bulletins and the sole moderate bulletin also apply to
different configurations of Windows and Windows Server.
The remaining important bulletins pertain to Microsoft Visual Studio and
Microsoft Expression Design. A full breakdown can be found on the Microsoft
Security Bulletin Advance Notification
for March 2012.
The March edition of Patch Tuesday is far lighter than February's, when the company
released nine new security bulletins fixing 21 vulnerabilities in all supported
versions of Windows, Internet Explorer, Microsoft Office and .NET/Silverlight.
That being said, February 2012 proved somewhat lighter than February 2011, when
Microsoft needed to issue 12 bulletins in order to fix 22 vulnerabilities.
Four of those
nine February bulletins were rated critical due to vulnerabilities that could
have resulted in remote-code execution. Security experts advised focusing on
the issues with Internet Explorer, as attackers are increasingly given to
browser exploits in order to compromise users.
According to a
new study from the Verizon RISK team, the majority of cyber-attacks in 2011
relied on two methods for compromising networks and stealing data: hacking and
malware. Around 99 percent of all compromised data records were stolen during an
incident involving either hacking or malware, according to the team's Data
Breach Investigations Report. Both techniques remain popular because they can
be launched remotely, with the cyber-attacker easily escaping afterward.
Malware and hacking can also be used in tandem, such as installing malware that
opens a backdoor on an infected machine for remotely executing code.
Browsers have taken an increased role in attacks as users shift from PC-based programs to using
online services. As a result of that, exploit developers have focused
increasingly on anything that could compromise a browser.
Nicholas Kolakowski on Twitter