Microsoft's March Patch Tuesday Will Be Relatively Light

Microsoft's Patch Tuesday for March 12 will involve six bulletins, only one of which is rated "critical."

Microsoft's Patch Tuesday for March 13 is a relatively light one, consisting of six bulletins, only one of them rated "critical."

Four other bulletins are rated "important," with one deemed "moderate." Software affected by the "critical" bulletin includes all versions of Windows from XP onward, as well as Windows Server 2003, Windows Server 2008 and Windows Server 2008 R2. Two of the "important" bulletins and the sole "moderate" bulletin also apply to different configurations of Windows and Windows Server.

The two remaining "important" bulletins pertain to Microsoft Visual Studio and Microsoft Expression Design. A full breakdown can be found on the Microsoft Security Bulletin Advance Notification for March 2012.

Microsoft's March edition of Patch Tuesday is far lighter than February's, when the company released nine new security bulletins fixing 21 vulnerabilities in all supported versions of Windows, Internet Explorer, Microsoft Office and .NET/Silverlight. That being said, February 2012 proved somewhat lighter than February 2011, when Microsoft needed to issue 12 bulletins in order to fix 22 vulnerabilities.

Four of those nine February bulletins were rated "critical" due to vulnerabilities that could have resulted in remote-code execution. Security experts advised focusing on the issues with Internet Explorer, as attackers are increasingly given to browser exploits in order to compromise users.

According to a new study from the Verizon RISK team, the majority of cyber-attacks in 2011 relied on two methods for compromising networks and stealing data: hacking and malware.

In 2011, around 99 percent of all compromised data records were stolen during an incident involving either hacking or malware, according to the team's "Data Breach Investigations Report." Both techniques remain popular because they can be launched remotely, with the cyber-attacker easily escaping afterward. Malware and hacking can also be used in tandem, such as installing malware that opens a backdoor on an infected machine for remotely executing code.

Browsers have taken an increased role in attacks as users shift from PC-based programs to online services. As a result, exploit developers have focused increasingly on anything that could compromise a browser.

Follow Nicholas Kolakowski on Twitter