August 15, 2007 9:02AM
The number of updates Microsoft issued on August’s Patch Tuesday dwarfs the number of patches released over the past several months and highlights the new frontier of Web-based attacks and next-generation media vulnerabilities, according to Amol Sarwate, manager of the vulnerability research lab at Qualys.
Get ready to roll up your sleeves. If you are in the I.T. department, you are going to be busy for a while. On Patch Tuesday yesterday, Microsoft issued its second-largest set of updates this year with nine security bulletins altogether. The updates fix 14 vulnerabilities. Eight bugs are rated critical, four are rated important, and two are considered moderate. The patches fix holes in Windows, Windows Gadgets, Windows Media Player, Office, Excel, Internet Explorer, Visual Basic, Virtual Server, and Virtual PC.
“Many of the vulnerabilities addressed by Microsoft’s fixes could be exploited if a Windows user simply visits a malicious Web site,” said Dave Marcus, security research and communications manager at McAfee Avert Labs. “Microsoft’s patches again underline the trend of malware writers seeking out the Web browser as a means of attack and reinforce the need of safe browsing habits.”
With six critical flaws, I.T. admins are charged with targeting the most potentially dangerous of the bunch first. According to Sheldon Malm, a vulnerability researcher for nCircle, one of the most critical vulnerabilities is covered in security bulletin MS07-042, which describes the update for an XML services vulnerability. “XML is so pervasive — it ships with so many different products and sits in so many different places on an enterprise network,” he said. Malm said he was most concerned about bulletin MS07-048, which describes three vulnerabilities in Vista gadgets. The RSS feed gadget vulnerability could allow a hacker who has gained control of a blog to create a malicious post and distribute it to everyone who subscribes to the RSS feed. “RSS feeds have the potential to become the next big vector for worms or bots because it exploits an existing trust relationship. People place implicit trust in the security of the information source when they use RSS feeds,” Malm said.
This month’s Patch Tuesday dwarfs the number of updates released over the past several months and highlights the new frontier of Web-based attacks and next-generation media vulnerabilities, according to Amol Sarwate, manager of the vulnerability research lab at Qualys. In total, August’s updates address 14 vulnerabilities in Microsoft applications that touch all Windows users, from the home to the office.