Microsoft's March Patch Tuesday Will Be Relatively Light
Microsoft's Patch Tuesday for March 13 is a relatively light one, consisting of six bulletins, only one of them rated critical.
Four other bulletins are rated important, with one deemed moderate. Software affected by the critical bulletin includes all versions of Windows from XP onward, as well as Windows Server 2003, Windows Server 2008 and Windows Server 2008 R2. Two of the important bulletins and the sole moderate bulletin also apply to different configurations of Windows and Windows Server.
The two remaining important bulletins pertain to Microsoft Visual Studio and Microsoft Expression Design. A full breakdown can be found on the Microsoft Security Bulletin Advance Notification for March 2012.
Microsoft's March edition of Patch Tuesday is far lighter than February's, when the company released nine new security bulletins fixing 21 vulnerabilities in all supported versions of Windows, Internet Explorer, Microsoft Office and .NET/Silverlight. That being said, February 2012 proved somewhat lighter than February 2011, when Microsoft needed to issue 12 bulletins in order to fix 22 vulnerabilities.
Four of those nine February bulletins were rated critical due to vulnerabilities that could have resulted in remote-code execution. Security experts advised focusing on the issues with Internet Explorer, as attackers are increasingly given to browser exploits in order to compromise users.
According to a new study from the Verizon RISK team, the majority of cyber-attacks in 2011 relied on two methods for compromising networks and stealing data: hacking and malware.
In 2011, around 99 percent of all compromised data records were stolen during an incident involving either hacking or malware, according to the team's Data Breach Investigations Report. Both techniques remain popular because they can be launched remotely, with the cyber-attacker easily escaping afterward. Malware and hacking can also be used in tandem, such as installing malware that opens a backdoor on an infected machine for remotely executing code.
Browsers have taken an increased role in attacks as users shift from PC-based programs to using online services. As a result of that, exploit developers have focused increasingly on anything that could compromise a browser.