Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Lumension Examines Updates For Patch Tuesday

Lumension Security : 12 August, 2010  (Technical Article)
Microsoft's monthly bulletin update comes at a time when IT Administrators are undergoing considerable stress with other flaw remediation actions required for addressing other supplier's vulnerabilities
As predicted, IT administrators will be tackling a bumper Patch Tuesday from Microsoft this August - covering 15 bulletins, nine of which are critical. IT administrators will have their work cut out this month, facing a disruptive Patch Tuesday, flaw remediation concerns from other vendors as well as the latest web-based malware - Zeus v3.

Alan Bentley, SVP International at Lumension comments: "As always, the initial priority for IT administrators should be the nine critical vulnerabilities, but the remaining important and moderate patches must not be ignored. In today's environment, the combination of lesser impact vulnerabilities with critical vulnerabilities can provide a greater chance of success for cyber criminals.

"While Microsoft rushed out an out of band patch last week for the LNK issue, putting out a lot of these fires, one new day zero remains un-patched - a kernel level vulnerability impacting all versions of Windows (including Windows 7). The vulnerability involves a heap overflow which is more difficult to take advantage of than a traditional buffer overflow. However, if executed, it can reportedly afford escalation of privilege, denial of service, or potentially execute arbitrary code with kernel privileges.

"Although the spotlight is on Microsoft today, let us not forget that Microsoft does not exclusivity on software vulnerabilities. Since the July Patch Tuesday, CERT has released more than 130 Bulletins for software vulnerabilities rated high (CVSS score of 7.0 - 10), with Microsoft noted as the vendor in only one of them.

"As well as tackling Microsoft's bumper Patch Tuesday IT administrators will be focusing on flaw remediation concerns from other vendors:

* Apple is preparing to roll out a patch for a serious issue that could Jail-Break an iPhone, iTouch or iPad device. The exploit could be triggered by a drive-by malware site or by tricking the user into opening a specially crafted PDF;

* Adobe is creating a patch for Adobe Reader 9.3.3 for Windows, Mac OS X, and UNIX, and Adobe Acrobat for Windows and Mac, as well as Reader and Acrobat version 8.2.3 for the same platforms to resolve a number of security issues; and,

* Chrome and Mozilla have produced a flurry of browser patches this period. It is important to note that the Chrome patches were installed silently, and Mozilla is reportedly going to introduce silent patching in the upcoming release of the browser.

"Microsoft and Adobe are also in the headlines following the discovery of Zeus v3 attack which has targeted the online banking customers of a UK high street bank. The attack is said to be due to gaps in either Microsoft IE browser or Adobe Reader software.

"Zeus v3 is a web-based malware dependent on users visiting infected web pages, and then infecting unprotected desktops. IT administrators need to ensure that their corporate networks are protected against threats like Zeus v3 - simply preventing the known bad can no longer sufficiently protect an organisation from potential threats. Malware can only infect a network if it has a place to execute. Technology such as intelligent whitelisting, which allows only what the organisation knows to be good to become active in the network, puts control back in the hands of the business and out of the hands of the hackers."
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo