HOME     MENU     SEARCH     NEWSLETTER    
NEWS & INFORMATION FOR TECHNOLOGY PURCHASERS. UPDATED 11 MINUTES AGO.
You are here: Home / Viruses & Malware / Admins Get a Patch Tuesday Gift
Build Apps 5x Faster
For Half the Cost Enterprise Cloud Computing
On Force.com
Light Patch Tuesday May Lead To Out-of-Band Patch
Light Patch Tuesday May Lead To Out-of-Band Patch
By Jennifer LeClaire / NewsFactor Network Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
NOVEMBER
09
2011



Microsoft on Tuesday issued four security bulletins to address four vulnerabilities. Microsoft only rated one critical, an early holiday present from Redmond. But security industry researchers warned IT admins not to get complacent.

Although November's patch update is small, it's possible Microsoft will release an out-of-band patch for the zero-day vulnerability the Duqu installer exploits, said Joshua Talbot, security intelligence manager at Symantec Security Response.

"Microsoft recently published a security advisory as well as a temporary fix and is currently investigating the vulnerability," Talbot said. "In addition to implementing the temporary fix, IT departments and end users should also remain vigilant in following standard security best practices."

Difficult to Exploit

Andrew Storms, director of Security Operations for nCircle, said MS11-084 is the most interesting bulletin this month. This kernel bug deals with how font files are parsed. Microsoft rated the flaw moderate.

"The interesting thing about this bulletin is that it appears to have a lot in common with the Duqu advisory Microsoft released last week," Storms said. "I wonder if we are seeing the beginning of a new malware trend focused on exploiting kernel and font-parsing bugs."

As Storms sees it, the only critical bulletin this month doesn't look very threatening, at least on the surface. The Microsoft Security Research and Defense team blogged about the attack scenario for this bug and described it as "difficult to exploit in a real world scenario," probably because default firewall configuration settings successfully block the attack, he said.

"Enterprise security teams should patch this critical bug fairly quickly anyway because if attackers find a way to leverage it they can gain remote code execution privileges," Storms said.

The Browser Path

Paul Henry, security and forensic analyst at Lumension, pointed to a trend he sees in the security landscape. Overall, he said, it seems the primary threat vector these days is browser and third-party add-ons.

"A recent report noted that malicious domains have increased by 89 percent year-over-year," Henry said. "Simply put, hackers recognize that users simply do not patch their third-party add-ons and, as always, they capitalize on that weakness to compromise our environments."

Henry noted that social media continues to be a risk to the enterprise. After insisting there was no concern, for example, Facebook reportedly corrected an issue that allowed a user to send another user an executable attachment using message capability. Henry said this created an easy platform for launching spear-phishing attacks.

"In addition, an issue in WordPress may have compromised up to 1 million blogs, a problem in the popular tool TimThumb, that when used in WordPress blogs to access photo sites can cause users to be redirected to malicious Web sites," Henry said.

"And let's not forget the cloud. Security issues continue to cause problems this Patch Tuesday period. Thankfully, Amazon is on top of it and corrected an issue that could allow hackers to hijack Amazon customer accounts."

Tell Us What You Think
Comment:

Name:

Like Us on FacebookFollow Us on Twitter
TOP STORIES NOW
MAY INTEREST YOU
Salesforce.com is the market and technology leader in Software-as-a-Service. Its award-winning CRM solution helps 82,400 customers worldwide manage and share business information over the Internet. Experience CRM success. Click here for a FREE 30-day trial.
MORE IN VIRUSES & MALWARE
Product Information and Resources for Technology You Can Use To Boost Your Business

NETWORK SECURITY SPOTLIGHT
Sony is no stranger to breaches. Sony’s PlayStation Network was hacked in 2011 and attackers obtained 77 million user accounts. The latest attack comes against Sony Pictures Entertainment.

ENTERPRISE HARDWARE SPOTLIGHT
Chinese computer maker Lenovo got creative with the marketing campaign around its Yoga 3 Pro. Lenovo hired the Upright Citizens Brigade, a comic troupe, to help drum up visibility for its new device.

MOBILE TECHNOLOGY SPOTLIGHT
In its bid for the wearables market, Sony is reportedly developing a watch made out of electronic paper for release as soon as next year. The e-paper watch will emphasize style over tech innovations.

© Copyright 2014 NewsFactor Network, Inc. All rights reserved. Member of Accuserve Ad Network.