Microsoft on Tuesday issued four security bulletins to address four vulnerabilities. Microsoft only rated one critical, an early holiday present from Redmond. But security industry researchers warned IT admins not to get complacent.
Although November's patch update is small, it's possible Microsoft will release an out-of-band patch for the zero-day vulnerability the Duqu installer exploits, said Joshua Talbot, security intelligence manager at Symantec Security Response.
"Microsoft recently published a security advisory as well as a temporary fix and is currently investigating the vulnerability," Talbot said. "In addition to implementing the temporary fix, IT departments and end users should also remain vigilant in following standard security best practices."
Difficult to Exploit
Andrew Storms, director of Security Operations for nCircle, said MS11-084 is the most interesting bulletin this month. This kernel bug deals with how font files are parsed. Microsoft rated the flaw moderate.
"The interesting thing about this bulletin is that it appears to have a lot in common with the Duqu advisory Microsoft released last week," Storms said. "I wonder if we are seeing the beginning of a new malware trend focused on exploiting kernel and font-parsing bugs."
As Storms sees it, the only critical bulletin this month doesn't look very threatening, at least on the surface. The Microsoft Security Research and Defense team blogged about the attack scenario for this bug and described it as "difficult to exploit in a real world scenario," probably because default firewall configuration settings successfully block the attack, he said.
"Enterprise security teams should patch this critical bug fairly quickly anyway because if attackers find a way to leverage it they can gain remote code execution privileges," Storms said.
The Browser Path
Paul Henry, security and forensic analyst at Lumension, pointed to a trend he sees in the security landscape. Overall, he said, it seems the primary threat vector these days is browsers and third-party add-ons.
"A recent report noted that malicious domains have increased by 89 percent year-over-year," Henry said. "Simply put, hackers recognize that users simply do not patch their third-party add-ons and, as always, they capitalize on that weakness to compromise our environments."
Henry noted that social media continues to be a risk to the enterprise. After insisting there was no concern, for example, Facebook reportedly corrected an issue that allowed a user to send another user an executable attachment using its messaging capability. Henry said this created an easy platform for launching spear-phishing attacks.
"In addition, an issue in WordPress may have compromised up to 1 million blogs: a problem in the popular tool TimThumb that, when used in WordPress blogs to access photo sites, can cause users to be redirected to malicious Web sites," Henry said.
"And let's not forget the cloud. Security issues continue to cause problems this Patch Tuesday period. Thankfully, Amazon is on top of it and corrected an issue that could allow hackers to hijack Amazon customer accounts."