IT Admins Catch a Break: No Critical Issues in Patch Tuesday
By Jennifer LeClaire / NewsFactor Network
PUBLISHED: SEPTEMBER 14, 2011
Microsoft has issued five security bulletins to address 15 vulnerabilities. In a rare occurrence, none of this month's vulnerabilities are rated critical. But that doesn't mean IT admins get a free ride in September, especially with the DigiNotar issues.

"Despite the number of patches Microsoft issued today, it's important to not let the out-of-hand advisory Microsoft updated last week slip through the cracks," said Joshua Talbot, security intelligence manager at Symantec Security Response.

"The advisory essentially revokes Microsoft's trust of various DigiNotar certificates. This update should probably be kept at the top of IT admins' to-do lists -- even before any of today's patches -- as there are attacks occurring in the wild leveraging the compromised certificates."

DigiNotar Outfall

Indeed, in light of the current DigiNotar certificate issues -- including the latest threat by the certificate hacker to exploit the Microsoft Windows Update service -- the handling of potentially compromised digital certificates is at the top of the list for most IT pros right now.

"Many IT professionals are already busy dealing with replacing their server certificates and also updating user browser and OS software to revoke trust in compromised certificates, so this Patch Tuesday is a welcome break," said Paul Henry, a security and forensics analyst at Lumension.

Mozilla is aggressively dealing with the issue and has sent a communication to all certificate authorities with root certificates in Network Security Services requesting immediate action. Henry said that seems to imply that other CAs could face the same demise seen at DigiNotar if they are not cooperative and forthcoming.

Pay Close Attention

Although none of the patches released Tuesday are rated critical, security researchers are urging users to pay close attention to the Office Uninitialized Object Pointer Vulnerability. Talbot said it seemed to be fairly easy to exploit the memory corruption issue and leverage extremely common Word files to attack users' computers.

"Microsoft is also patching two vulnerabilities that are already in the public realm, but neither are of too great a concern," Talbot added. "The first is the HTML Sanitization Vulnerability, which is simply an information disclosure issue. The other is the Insecure Library Loading Vulnerability, which is part of the ongoing DLL issue that the company has been working on correcting for more than a year now. We've yet to see any exploits targeting one of these vulnerabilities."

A First-Time Event

The start of the second half of 2011 has seen more than 40 high-profile breaches. Yet in terms of security bulletins there are no surprises in September's patch release. That's because Microsoft accidentally released the bulletins four days early in a gaffe that caused some confusion for Microsoft and its customers.

"In what might be a first-time event, Adobe released a batch of 13 Common Vulnerabilities and Exposures before the Microsoft patch," said Andrew Storms, director of security at nCircle. "It's a definite improvement over their previous late-afternoon releases, but it's still a 'classic' Adobe patch in that we have very little information about the bugs being fixed in the patch. The bad news is that most of them could result in the worst kind of security outcome -- remote code execution."

rudraksha in bangalore:
Posted: 2011-09-19 @ 2:10am PT
Critical patches are always there. The only thing is they are not there for a day.

© Copyright 2015 NewsFactor Network, Inc. All rights reserved. Member of Accuserve Ad Network.