Microsoft's Patch Tuesday Targets 9 Critical Flaws
By Jennifer LeClaire / NewsFactor Network
PUBLISHED: OCTOBER 12, 2011


Microsoft on Tuesday issued eight security bulletins to deal with 23 vulnerabilities. Nine of the flaws are rated critical, including eight patches for Internet Explorer.

"Internet Explorer vulnerabilities are very common targets of attackers and it will probably be no different with these," said Joshua Talbot, security intelligence manager for Symantec Security Response. "Users and IT departments should patch these right away."

So far, none of the Internet Explorer vulnerabilities have been used in the wild, reports Marcus Carey, a Rapid7 security researcher. Nonetheless, he stressed, systems administrators and home users should be patching as soon as possible.

"When it comes to browser exploits, I expect public exploit code to be available in pretty short order," Carey said. "If users visit malicious Web sites with an attack targeting this vulnerability it will be game over, with a total compromise of their system."

Nixing .NET Flaws

Beyond the deluge of critical IE patches, there are other pressing issues for IT admins, namely the .NET Framework. This critical issue also affects Silverlight, and users of both are urged to apply the patch immediately.

"The .NET Framework Class Inheritance Vulnerability, also rated critical, is complex to exploit, but affects all versions of .NET," Talbot said. "The vulnerability can be exploited in a number of ways, including traditional downloads, drive-by downloads and through hosting a malicious .NET application."

Indeed, Andrew Storms, director of security operations at nCircle, said bugs in Silverlight and the .NET framework should also be patched quickly. He said both are similar to the IE vulnerabilities in that they can allow users surfing the Internet to be victimized by visiting a malicious site. And timing may be everything.

"October is the last month in 2011 that many financial and retail organizations apply patches because they go into 'lock-down' mode as the holiday shopping season approaches," Storms said. "Enterprise IT teams should get ready to pull out all the stops."

Battling the BEAST

Vulnerabilities have proven not to be an issue exclusive to Microsoft -- third-party products and add-ons are the IT admin's Achilles' heel again this month, according to Paul Henry, a security and forensic analyst at Lumension.

"The ever-increasing integration of mobile devices with little if any regard to security of our enterprise networks, along with the seemingly non-stop release of vulnerabilities from Android and other vendors are placing us in a precarious situation," Henry said. "Also, a Chrome update was released to address several security issues."

Not only are patches a concern, but now IT admins are facing a BEAST, both literally and figuratively. Last week, Henry noted, researchers demonstrated software they created called the BEAST -- Browser Exploit Against SSL/TLS -- that can decrypt parts of an encrypted data stream and can be used in what is known as a "man in the middle" (MITM) type of attack.

"With respect to the SSL issues and 'the BEAST' we are perhaps seeing just the tip of the iceberg in focusing our attention only on browsers," Henry said. "Several other products, such as VoIP phones and [supervisory control and data acquisition] systems that also use SSL, are perhaps more at risk due to expected long-term delays in patching them."

© Copyright 2014 NewsFactor Network, Inc. All rights reserved. Member of Accuserve Ad Network.