Microsoft preps monster security update for next week
Another expert, Lumension security and forensic analyst Paul Henry, theorized that one of the IE updates might be related to recent vulnerabilities in Oracle's Java. Like other browsers, IE relies on an Oracle-provided plug-in to parse Java code.
"It's possible that this is related to the recent and ongoing Java issues," said Henry in an email Thursday. "Microsoft has a very close relationship with Oracle, so it wouldn't surprise me if these bulletins include Java patches."
Last week, Oracle accelerated the release of its regularly-scheduled security update -- initially slated to ship Feb. 19 -- citing "active exploitation 'in the wild' of one of the vulnerabilities affecting the Java Runtime Environment (JRE) in desktop browsers."
Oracle's early update came in the aftermath of several embarrassing "zero-day" vulnerabilities -- and the emergency patches necessary to quash those bugs -- as well as harsh criticism leveled by security professionals against Oracle for its handling of Java's problems.
Next week's fifth critical update affects Exchange Server 2007 and Exchange Server 2010, the second- and third-most-recent versions of Microsoft's email server software.
While details were absent -- Microsoft's advanced notification is always bare bones -- Storms said the simple fact that the update was judged critical and for Exchange should be enough to raise the antenna of IT pros. "They always concern me because Exchange is the critical business application," said Storms.
A patch failure or compatibility problem in an Exchange update could conceivably knock out a firm's email, with all the resulting chaos that creates among workers, and the conflict between them and IT.
Microsoft will release next week's 12 security updates on Feb. 12 at approximately 1 p.m. ET.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed . His email address is firstname.lastname@example.org.
Read more about Malware and Vulnerabilities in Computerworld's Malware and Vulnerabilities Topic Center.
- Who does NSS Labs "Recommend" for NGFW? In 2012, NSS Labs found that most available NGFW solutions "fell short in performance and security effectiveness." In 2013 NSS Labs noted "marked...
- CIOs Deliver Productivity Breakthroughs with Intelligent Digital Signage Retailers have long recognized the influence that digital signage provides over a shopper's point-of-purchase decision making process.
- 9 Essentials for a Complete Cloud-to-Cloud Backup Solution In 9 Essentials for a Complete Cloud-to-Cloud Backup Solution, we'll walk you through potential sources of data loss in the cloud and provide...
- Workload Change: The 70 Percent of Your Business DevOps Forgot Adding WLA early in the development process ensures that the benefits of DevOps accrue for all applications, including your batch services. This paper...
- Top 4 Digital Signage Fails Join RMG Networks for a look at four of the most common reasons digital signage fails in corporate businesses. Learn about strategies to...
- Protecting Critical SaaS Data Before It's Too Late In this webinar, you'll hear how to avoid SaaS data loss through best practices from a panel of experts. All Operating Systems White Papers | Webcasts