
Light Patch Tuesday With No Critical Vulnerabilities

Symantec: 11 March, 2010 (Technical Article)
Symantec provides its perspective on Microsoft's patch release, which significantly did not include a fix for an IE vulnerability for which proof-of-concept exploit code exists.
This month, Microsoft issued two security bulletins which address eight vulnerabilities, none of which Microsoft has rated as critical.

"Since Windows 7, Microsoft has seemed to downgrade file-based vulnerabilities," said Joshua Talbot, security intelligence manager, Symantec Security Response. "In the past, I think many of the vulnerabilities patched this month could have been rated critical, but with protections like DEP and ASLR, these types of vulnerabilities are less of an issue for Windows 7. My concern is that in many enterprise environments, Windows XP is still common, and these vulnerabilities are more serious on XP and older systems."

"Microsoft didn't patch the win32hlp Internet Explorer vulnerability made public just over a week ago," Talbot added. "We've seen proof-of-concept exploit code for this vulnerability, but haven't seen any attacks using it in the wild."

"A unique user interaction is required to make the IE vulnerability work, but an attacker could engineer an exploit that would entice a user to carry out the action," Talbot concluded. "For example, causing a pop-up window to appear repeatedly until the user hits the necessary key to make it stop, which would subsequently also cause the machine to become infected."

Symantec strongly encourages users to patch their systems against all these vulnerabilities. In addition, enterprises are encouraged to consider implementing an automated patch management solution to help mitigate risk.

"In addition to Microsoft's Patch Tuesday updates, the company yesterday also issued an advisory for a new zero-day vulnerability affecting Internet Explorer," continued Talbot. "Symantec has observed exploitation of this vulnerability in the wild and has created Trojan.Malscript!html and JS.Downloader detection to mitigate this attack."
