Average Rating: Rate this article:

Microsoft Battles Worms with Critical Windows Patch By Jennifer LeClaire August 15, 2012 10:35AM     Small businesses and campus locations where Windows computers are configured in workgroups are particularly vulnerable to some of the security holes addressed by Microsoft. Those with Windows XP on their network should also install the patches ASAP to avoid serious harm, since the malware is network aware with no authentication required.   Related Topics Microsoft Patch Windows Network Security Latest News Reality TV's New Stars: Small Biz Soundbars Up the Ante on TV Sound Google Glass Raises Privacy Concerns Pentagon Gives iOS 6 Security OK Should Enterprises Skip Windows 8? IT admins take note: Microsoft has issued nine security bulletins as part of August's Patch Tuesday. Five are rated critical and four rated important. Altogether, the bulletins address 26 vulnerabilities in Microsoft Windows, Internet Explorer, Exchange Server, SQL Server, Server Software, Developer Tools, and Office. Andrew Storms, director of security operations at nCircle, told us another MSCOMCTL-related bug is at the top of the Microsoft list. Microsoft previously patched the Windows Common Control bug with bulletin MS12-027 in April. That, Storms said, made everyone sit up and take notice because it affects a huge number of applications including some very serious back office core systems, like SQL servers and commerce servers. "There is some good news this month -- that the attack vector associated with the MSCOMCTL patch is an RTF file -- and the victim has to explicitly open the file to allow the exploit," Storms said. "If you can't get this patch rolled out or mitigation applied quickly, you should remind users about the dangers of opening attachments from unknown persons." Backlog of IE Patches Noteworthy is the fact that August marks the third month in a row with a new Internet Explorer patch. That demonstrates how Microsoft is leveraging its recently announced initiative to release IE patches more frequently. Storms said this probably means there are a lot more IE patches in the future since it's a good bet Microsoft will be tackling their IE backlog post haste. "As expected, MS is patching the zero-day bug called 'Oracle Outside in Exchange' bug. This vulnerability really never went anywhere in the exploit community. We have so far seen very little uptake on actively exploiting the bug," Storms explained. Meanwhile, MS12-054 contains a sprint spooler bug with a potentially wormable condition. Storms said keen-eyed attackers are going need to focus carefully on the vulnerability to uncover all of its potential. "This is something that predominately affects small business and campus locations where Windows computers are configured in workgroups," Storms said. "If this describes your business, deploy this patch as soon as you can." Potentially Wormable MS12-053, an RDP bug only affecting XP, another bug with a potentially wormable condition, ranks lower in the MS deployment priority. Storms warned that this one has the potential for serious impact because it is network aware and no authentication is required. If you have XP on your network, he suggested getting the mitigations for this one installed ASAP. Tyler Reguly, director of IT security research and development at nCircle, noted that August's Patch Tuesday saw more of the usual patches for Office, Win32K.sys and Internet Explorer. He told us most enterprise teams should be pros by now when it comes to testing and deploying these patches. "Microsoft listed MS12-060 as the most critical issue this month. They mention it is seeing limited targeted attacks and it patches different components of a control patched only a few months ago," Reguly said. "Given the attack vectors, I'd say that Microsoft has definitely ordered things properly this month."   Tell Us What You Think Comment: Name: Also Visit: iPad Info Center Billions of Bytes Mobile Device Now Apple Info Center TopTechWire.com CommVault is a data and information management software company dedicated to providing organizations worldwide with a radically better way to manage data and information. Their unique Solving Forward philosophy allows them to deliver complete solutions with infinite scalability and unprecedented control over data and costs. Be among the first to experience Simpana 10 software. Click here now.  Network Security 1.   Financial Times Latest Hacking Target 2.   Patch Tuesday Hyper Focuses on IE 8 3.   Investors Funding Cyberwarfare 4.   Bloomberg Admits Terminal Snooping 5.   $45 Million ATM Theft Sophisticated Financial Times Latest Hacking Target Syrian Electronic Army attacks site. Average Rating: Investors Funding Cyberwarfare As demand for tech security grows. Average Rating: Hacking Strains U.S.-China Relations As U.S. infrastructure is put at risk. Average Rating:

Product Information and Resources for Technology You Can Use To Boost Your Business BYOD & MDM   Build a business case for a BYOD program. CRM Systems   Free Download: Understanding the Voice of the Customer   Unlock the potential in your people with Microsoft Dynamics   How Microsoft Dynamics helped mobilize retail businesses   2 million CRM success stories and counting...   Experience CRM and Business Success today with Salesforce.com.   Free Download: Understanding the Voice of the Customer   Optimize CRM with Data Quality Management. More from Trillium Cloud & Virtualization   Riverbed Stingray Traffic Manager on Amazon Web Services Contact Centers   Unlock the potential in your people with Microsoft Dynamics Customer Data   Free Download: Understanding the Voice of the Customer   See how you can benefit from Microsoft Dynamics   Free Download: Understanding the Voice of the Customer Customer Service   Improve your customer relationships with Microsoft Dynamics   2 million CRM success stories and counting...   Unlock the potential in your people with Microsoft Dynamics Data Security   Simpana® 10 software: an exponential leap forward Enterprise Hardware   The 2013 Toughpad™ tablets. Rugged, secure and built for business.   Rugged and reliable Panasonic Toughbook® mobile computers.   The best document scanner for you? Try KODAK's scanner selector   APC makes it easy for you to focus on business growth, not downtime. Enterprise I.T.   Brocade's mission: Making networks easier to deploy, manage, and scale.   11 Challenges Solved by Infrastructure for Small IT Environments Enterprise Software   Get critical data off paper and into SharePoint! Watch the video.   Simpana® 10 software: an exponential leap forward Hardware   The 2013 Toughpad™ tablets. Rugged, secure and built for business.   Rugged and reliable Panasonic Toughbook® mobile computers.   Rugged and reliable Panasonic Toughbook® mobile computers Innovation   The best document scanner for you? Try KODAK's scanner selector   Brocade's mission: Making networks easier to deploy, manage, and scale. Laptops & Tablets   Rugged and reliable Panasonic Toughbook® mobile computers. Mobile Apps   Build great mobile apps that drive engagement. Mobile Tech   Rugged and reliable Panasonic Toughbook® mobile computers Small Business   The best document scanner for you? Try KODAK's scanner selector Tech Trends   APC makes it easy for you to focus on business growth, not downtime.

Network Security Spotlight

Syrian Electronic Army Hacks Financial Times The Financial Times is the latest victim of the Syrian Electronic Army, a group that supports Syrian President Bashar al-Assad. The U.K.-based newspaper said a blog and its Twitter accounts were hacked.   Patch Tuesday Hyper Focuses on IE 8 Microsoft on Tuesday issued 10 security bulletins that fix 33 vulnerabilities. These updates include MS13-038, which will address the Internet Explorer 8 issue described in Security Advisory 2847140.   Surge of Venture Capital Buoys Tech Security Sector With companies and governments spending billions to repel cyberthreats, a surge of venture capital is pouring into companies developing cybersecurity technologies, the front line of the conflict.

Enterprise Hardware Spotlight

U.S. Defense Department Gives iOS 6 Security OK In a vote of confidence for Apple's iOS devices, the Defense Department has given the all-clear for employees to use iPads and iPhones for work. But only those running iOS 6, and only if issued by the government.   Cisco Surges After Profit Exceeds Analysts' Estimates Networking equipment giant Cisco's net income jumped 14 percent in the latest quarter as revenue at all four of its divisions rose for the first time in a year and a half, as tech spending increases.   HP and SAP Team To Advance HANA Database Technology The two tech leaders are working on a system that SAP says could fundamentally change the database market. HANA is SAP's technology that keeps data in-memory, for super fast processing.

Mobile Enterprise Spotlight

Google Glass Raises Congressional Privacy Concerns The buzz around Google Glass continues, but it's not all good. Some in Congress have questions. "We are curious whether this new technology could infringe on the privacy of average Americans," their letter to Google says.   Windows Phone Now No. 3 in Market, BlackBerry No. 4 Has Microsoft Phone moved into a coveted though distant third place for smartphone platforms behind Google's Android and Apple's iOS? A new report says yes, while BlackBerry has slipped to No. 4.   Intel Going Mobile with Its New CEO In his first speech as Intel's CEO, Brian Krzanich said he plans to focus on beefing up Intel's presence in mobility. The next step: a world tour showing mobile devices based on Intel chips, from PCs to phones and tablets.

Enterprise Technology Spotlight

HP and SAP Team To Advance HANA Database Technology The two tech leaders are working on a system that SAP says could fundamentally change the database market. HANA is SAP's technology that keeps data in-memory, for super fast processing.   Cloud Computing Gains Another Competitor with Google Amazon Web Services and Microsoft Azure now have a full-on rival in Google, with its I/O announcement that it is opening its hosted Compute Engine environment for virtual machines to all comers.   Hackers' New Tool of Choice: Smartphones Smartphones are increasingly popular not only with consumers, but with thieves who see the devices as another way to tap into bank accounts and other sensitive information, experts say.

Navigation NewsFactor Network Home/Top News | Enterprise I.T. | Cloud & Virtualization | Applications | Unified Communications | Mobile Tech | Hardware | Business Intelligence World Wide Web | Network Security | Data Storage | Small Business | Microsoft/Windows | Apple/Mac | Linux/Open Source | Personal Tech Press Releases NewsFactor Network Enterprise I.T. Sites NewsFactor Technology News | Enterprise Security Today | CRM Daily NewsFactor Business and Innovation Sites Sci-Tech Today | NewsFactor Business Report NewsFactor Services FreeNewsFeed | Free Newsletters | About NewsFactor Network | How To Contact Us | Article Reprints | Careers @ NewsFactor | Services for PR Pros | Top Tech Wire | How To Advertise Privacy Policy | Terms of Service © Copyright 2000-2013 NewsFactor Network. All rights reserved. Article rating technology by Blogowogo. Member of Accuserve Ad Network.