Challenging Patch Update Closes Sharepoint and Internet Explorer Vulnerabilities

Shavlik Technologies : 09 June, 2010  (Technical Article)
Jason Miller of Shavlik Technologies comments on this week's patch release from Microsoft, which contains two important bulletins that should be prioritised.
Shavlik Technologies has commented on the latest bulletins released from Microsoft. The company's data and security team manager, Jason Miller, says, 'This Patch Tuesday could be one of the more challenging ones for IT administrators this year. Microsoft has released 10 new security bulletins for the June 2010 edition of Patch Tuesday. These 10 bulletins address a total of 34 vulnerabilities.

Two security advisories have been closed by Microsoft as the vulnerabilities have been addressed in two new bulletins:

KB980088 - MS10-035: Internet Explorer
KB983438 - MS10-039: SharePoint

Two bulletins are the most urgent, and administrators should address them first. MS10-033 addresses two vulnerabilities in Windows that could lead to remote code execution. This bulletin affects Windows media, which is very common with popular social media networking applications. Opening a specially crafted media file or connecting to a malicious server streaming media content can lead to remote code execution. The days of solely focusing on Internet Browsers for patching have changed and Microsoft is very focused on fixing vulnerabilities in their media formats and players. As we move towards a media-centric audience, attackers are focusing more and more on media players to go along with browser attacks. I can guarantee that someone on your network, right now, is browsing the Internet looking for a video with Tom Cruise's Tropic Thunder character Les Grossman dance routine from the MTV Movie Awards and there's a good chance one of those video files has been compromised.

MS10-035 is the bi-monthly release of the Cumulative Security Update for Internet Explorer. This bulletin fixes six vulnerabilities where a successful attack can lead to remote code execution. Internet Explorer is one of the most targeted applications for attackers, so Shavlik recommends that administrators address this bulletin immediately.

There are a couple of bulletins that require extra special attention from administrators this month. While patching software has made patch management easier, administrators need to research the bulletins each month for little pieces of information that could adversely affect your network security. For example, MS10-036 has a product that is vulnerable but does not have a patch supplied from Microsoft. Microsoft Office XP SP3 is vulnerable but there are actions you can take to mitigate this vulnerability. If possible, you can upgrade your Office installations to Office 2003 or 2007 as Microsoft is supplying patches for those products. If this is not possible, Microsoft is providing a workaround FixIt tool that will protect against the vulnerability (KB983235). In addition, Microsoft Office 2003 and 2007 must be upgraded to the latest service pack level as well as having the bulletin applied to fix the vulnerability.

Lastly, MS10-040 has a special case for Windows 2003, Vista and 2008 installations. These systems will only be vulnerable if Extended Protection For Authentication has been previously installed. Shavlik encourages IT administrators to move quickly to patch their systems to protect against a large number of vulnerabilities this month.'