Microsoft, Adobe to Release First Security Patches of the New Year
Microsoft rated two of its January bulletins critical. Adobe is evaluating reports of a security flaw in its Cold Fusion Web dev tool, and plans to release fixes Jan. 8 for Reader and Acrobat.Microsoft is preparing seven security bulletins to start the new year while Adobe is preparing to fix the latest flaws in Adobe Reader and Acrobat. Of the seven Microsoft Patch Tuesday security bulletins scheduled to come next week, just two are considered "critical," Microsoft's most serious rating for security issues. The other five are rated "important." The two critical bulletins cover issues affecting Microsoft Windows, Office, Microsoft Server Software and Microsoft Developer Tools. Perhaps not surprisingly, several security researchers suggested that the two critical bulletins get the most attention from IT administrators. The first of these affects Microsoft Windows Server platforms and should be a top priority because the bug could potentially be exploited in malware. Since Server Core is affected, it could apply to a common service, said Ross Barrett, Rapid7's senior manager of security engineering. "The other critical [one] is bulletin 2, which impacts a dog's breakfast of Microsoft operating systems and applications [including Windows 8, RT and Server 2012]; this is likely another broad-reaching library bug," he said. "One thing to watch out for in this type of vulnerability is applying all the patches that apply to a system; e.g., it affects, Groove, Office, SharePoint, the OS and other components. Administrators will have to patch for each affected component."
Bulletin two may be the most significant bulletin, as it affects both Windows 8 and Windows RT as well as many of the other previous systems, said Paul Henry, security and forensic analyst at Lumension.