Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Critical Patch Issued By Microsoft

Symantec : 13 January, 2011  (Technical Article)
Symantec comments on the light patch release from Microsoft and advises IT Administrators to address the critical bulletin
Microsoft has issued two security bulletins which address three vulnerabilities. Just one of these vulnerabilities has been rated critical by Microsoft.

 

“The critical Microsoft Data Access Components vulnerability is one of two MDAC issues fixed this month,” said Joshua Talbot, security intelligence manager, Symantec Security Response. “These components are a collection of technologies that enable applications – both from Microsoft and third-party developers – to access and manipulate databases.”

 

“The patch for the critical vulnerability corrects a problem in the way MDAC validates memory allocation,” Talbot added. “The other patch fixes an issue – marked as important – in the way MDAC validates third-party usage of a Microsoft API. Both vulnerabilities can be exploited by drive-by download, meaning simply viewing a legitimate site that has been compromised by an attacker can lead to a user’s machine being exploited.”

 

“The vulnerability in the Backup Manager DLL that was also patched has exploit code publicly available, but we haven’t seen any attacks attempt to use it in the wild,” Talbot concluded. “Because an exploit would require a user to take some fairly uncommon steps  – such as opening up a Windows backup or ‘.wbcat’ file from an SMB or WebDAV server  – it’s less appealing as an attack vector than other vulnerabilities out there that require much less of the user.”

 

Symantec strongly encourages users to patch their systems against all vulnerabilities addressed this month.

 
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo