Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Adobe exploits patched

Shavlik Technologies : 13 January, 2010  (Technical Article)
Jason Miller of Shavlik Technologies gives some background on the Microsoft bulletin issued this week as well as the Adobe fix for exploits on Acrobat and Reader
Microsoft has released one new security bulletin for January. This Patch Tuesday also marks the quarterly security bulletin release for Adobe. The highly publicized exploit for Adobe Acrobat and Reader will be patched today.

Unlike most months, what the bulletin administrators should look at first is the Adobe patch when it is released later today. This bulletin will patch vulnerabilities that are currently in the wild affecting users. With any zero-day exploit, it is important to address the issue as soon as possible.

Microsoft's bulletin, MS10-001, affects the way the operating system handled Embedded OpenType (EOT) Fonts. Because EOT fonts are typical on websites, it is important to patch client systems first. A vulnerable client system needs only to visit a website containing malicious EOT fonts to allow remote code execution on the machine.

Even though this bulletin affects all operating systems, Windows 2000 is the only operating system with a high severity rating. It is rated as 'Critical' by Microsoft with the remaining operating systems rated as 'Low.' This is because Windows 2000 actively uses the vulnerable code to decompress the EOT files. The other operating systems do not use this code to do this. Although, Microsoft is rating this as Low instead of not applicable because it could be theoretically possible to have a third party program use the code on these operating systems.
The likelihood of this scenario is extremely low. This bulletin addresses one vulnerability that is not publically known at this time.

This may seem like an extremely light month for new Microsoft Security Bulletins, but the past few years has shown us this trend:

•January 2009 - 1 Security Bulletin
•January 2008 - 2 Security Bulletins
•January 2007 - 2 Security Bulletins

Administrators should be prepared for next month if the trends hold true:

•February 2009 - 4 Security Bulletins
•February 2008 - 11 Security Bulletins
•February 2007 - 11 Security Bulletins
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo