Latest Microsoft patch release closes Vista vulnerabilities

Lumension Security : 15 August, 2007  (Technical Article)
Critical patches released by Microsoft cover a wide range of exposures, making them essential to implement.
Alan Bentley, Regional VP of PatchLink EMEA, comments on the latest patch release from Microsoft:

"This month's Patch Tuesday has headache written all over it. Although this is not Microsoft's biggest Patch Tuesday in terms of number, the details of the patches indicate a broad spectrum of exposure. The potential attack vectors exposed by these vulnerabilities include direct OS targeting (including Vista x32 and x64), fully-patched Internet Explorer 6 and 7, XML core services, Windows Media Player and Office. This is a target-rich environment for hackers. Organisations need to remediate these vulnerabilities as quickly as possible to avoid falling victim to quick turnaround exploits."

"All six critical patches require system reboots. Along with two of the 'important' patches, the critical patches all address vulnerabilities which, if exploited, could allow remote code execution of PCs, enabling hackers to take complete control of the system. This creates a nightmare scenario, and is not far off from complete administrator access—the favorite attack vector."

"MS07-044 affects Office running on a variety of Windows operating systems as well as Office 2004 for Mac. This is part of an alarming trend: dozens of vendors have already issued remote code execution patches and advisories this month. There are an increasing number of attacks occurring at the application layer, illustrating the need for a cross-platform vulnerability management strategy. Only paying attention to Microsoft—no matter how serious this round of patches may be—does not promote a secure foundation. Organisations must be vigilant across all their applications and operating systems."

"Some of the patches that are labeled 'important' should be treated as critical. For instance, MS07-047 addresses a vulnerability that allows remote code execution through Windows Media Player. This is only given a rating of 'important' because it requires some form of user interaction, but many users browsing the Internet are viewing media. Even if an organisation blocks certain Web sites or Active content, they typically don't block streaming media, which could easily trick users into compromise if this vulnerability is exploited."