Microsoft normally releases new security patches for its software products on the second Tuesday of the month, otherwise known as "Patch Tuesday." However, as we saw a few days ago, Microsoft can also release unscheduled patches if a major security issue has been discovered.
Today, the third-party security firm Secunia sent Neowin a press release with their own report on Microsoft security bulletins in the past year. The report points out that Microsoft issued just 83 software security bulletins in 2012. That's far less than the 100 bulletins Microsoft launched in 2011 and the 106 that were issued in 2010. Secunia also said there was a lower number of bulletins that were considered to be "critical" by Microsoft in 2012 compared to the past couple of years. It praises Microsoft’s Security Development Lifecycle initiative for reducing the number of critical software issues.
Secunia did note a couple of specific security issues that were later fixed by Microsoft in 2012. It said:
Some of the most interesting fixes covered in the bulletins were fixes for 0-day vulnerabilities discovered in the Windows Common Control Library ActiveX Control (MSCOMCTL.ocx) and a remote code execution vulnerability in Remote Desktop Protocol. The MSCOMCTL vulnerabilities were interesting due to the sheer number of products the control is bundled with e.g. Office, SQL Server, Commerce Server, and Visual FoxPro.
Overall, it seems Microsoft is making a larger effort to make its PC software products such as Windows, Office and Internet Explorer safer to use and is also issuing patches to fix problems faster than in the past.
2 Comments - Add comment