IT Admins Catch a Break: No Critical Issues in Patch Tuesday
By Jennifer LeClaire / NewsFactor Network
Microsoft has issued five security bulletins to address 15 vulnerabilities. In a rare occurrence, none of this month's vulnerabilities are rated critical. But that doesn't mean IT admins get a free ride in September, especially with the DigiNotar issues.

"Despite the number of patches Microsoft issued today, it's important to not let the out-of-hand advisory Microsoft updated last week slip through the cracks," said Joshua Talbot, security intelligence manager at Symantec Security Response.

"The advisory essentially revokes Microsoft's trust of various DigiNotar certificates. This update should probably be kept at the top of IT admins' to-do lists -- even before any of today's patches -- as there are attacks occurring in the wild leveraging the compromised certificates."

DigiNotar Outfall

Indeed, in light of the current DigiNotar certificate issues -- including the latest threat by the certificate hacker to exploit the Microsoft Windows Update service -- handling potentially compromised digital certificates is at the top of the list for most IT pros right now.

"Many IT professionals are already busy dealing with replacing their server certificates and also updating user browser and OS software to revoke trust in compromised certificates, so this Patch Tuesday is a welcome break," said Paul Henry, a security and forensics analyst at Lumension.

Mozilla is dealing with the issue aggressively and has written to all certificate authorities with root certificates in Network Security Services, requesting immediate action. Henry said that seems to imply that other CAs could face the same demise seen at DigiNotar if they are not cooperative and forthcoming.

Pay Close Attention

Although none of the patches released Tuesday are rated critical, security researchers are urging users to pay close attention to the Office Uninitialized Object Pointer Vulnerability. Talbot said it seemed to be fairly easy to exploit the memory corruption issue and leverage extremely common Word files to attack users' computers.

"Microsoft is also patching two vulnerabilities that are already in the public realm, but neither are of too great a concern," Talbot added. "The first is the HTML Sanitization Vulnerability, which is simply an information disclosure issue. The other is the Insecure Library Loading Vulnerability, which is part of the ongoing DLL issue that the company has been working on correcting for more than a year now. We've yet to see any exploits targeting one of these vulnerabilities."

A First-Time Event

The start of the second half of 2011 has seen more than 40 high-profile breaches. Yet in terms of security bulletins there are no surprises in September's patch release. That's because Microsoft accidentally released the bulletins four days early in a gaffe that caused some confusion for Microsoft and its customers.

"In what might be a first-time event, Adobe released a batch of 13 Common Vulnerabilities and Exposures before the Microsoft patch," said Andrew Storms, director of security at nCircle. "It's a definite improvement over their previous late-afternoon releases, but it's still a 'classic' Adobe patch in that we have very little information about the bugs being fixed in the patch. The bad news is that most of them could result in the worst kind of security outcome -- remote code execution."

Tell Us What You Think


rudraksha in bangalore:
Posted: 2011-09-19 @ 2:10am PT
Critical patches are always there. The only thing is they are not there for a day.
