Microsoft preps monster security update for next week
Another expert, Lumension security and forensic analyst Paul Henry, theorized that one of the IE updates might be related to recent vulnerabilities in Oracle's Java. Like other browsers, IE relies on an Oracle-provided plug-in to parse Java code.
"It's possible that this is related to the recent and ongoing Java issues," said Henry in an email Thursday. "Microsoft has a very close relationship with Oracle, so it wouldn't surprise me if these bulletins include Java patches."
Last week, Oracle accelerated the release of its regularly-scheduled security update -- initially slated to ship Feb. 19 -- citing "active exploitation 'in the wild' of one of the vulnerabilities affecting the Java Runtime Environment (JRE) in desktop browsers."
Oracle's early update came in the aftermath of several embarrassing "zero-day" vulnerabilities -- and the emergency patches necessary to quash those bugs -- as well as harsh criticism leveled by security professionals against Oracle for its handling of Java's problems.
Next week's fifth critical update affects Exchange Server 2007 and Exchange Server 2010, the second- and third-most-recent versions of Microsoft's email server software.
While details were absent -- Microsoft's advanced notification is always bare bones -- Storms said the simple fact that the update was judged critical and for Exchange should be enough to raise the antenna of IT pros. "They always concern me because Exchange is the critical business application," said Storms.
A patch failure or compatibility problem in an Exchange update could conceivably knock out a firm's email, with all the resulting chaos that creates among workers, and the conflict between them and IT.
Microsoft will release next week's 12 security updates on Feb. 12 at approximately 1 p.m. ET.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed . His email address is firstname.lastname@example.org.
Read more about Malware and Vulnerabilities in Computerworld's Malware and Vulnerabilities Topic Center.
- 2013 Cyber Risk Report The "Cyber risk report 2013 Executive summary" presents the major findings of HP Security Research's comprehensive dive into today's cyber vulnerability and threat...
- Why You Need a Next-Generation Firewall This white paper explores the reasons for implementing next-generation (NG) firewalls and lays out a path to success for overburdened IT organizations.
- Path Selection Infographic Path Selection Infographic
- Hyperconvergence Infographic A wide range of observers agree that data centers are now entering an era of "hyperconvergence" that will raise network traffic levels faster...
- Cloud Knowledge Vault Learn how your organization can benefit from the scalability, flexibility, and performance that the cloud offers through the short videos and other resources...
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users? All Malware and Vulnerabilities White Papers | Webcasts