Light Patch Tuesday Release Fixes Serious Threats
By Jennifer LeClaire
November 11, 2009 8:20AM

Microsoft issued only six patches for November's Patch Tuesday, but three of them are rated critical. The MS09-065 patch fixes a Windows kernel bug that allows web surfers to be infected. The MS09-063 patch fixes a Vista bug already corrected in Windows 7. Patches for Microsoft Excel and Microsoft Word fix eight vulnerabilities.
 


After a record-breaking October, IT administrators are welcoming a relatively light Patch Tuesday this month. But security researchers said there are serious issues that need to be addressed quickly.

Of the six patches Microsoft released Tuesday, three are critical. The three critical fixes focus on bugs in several versions of Windows, but Windows 7 is apparently immune. There are also three updates rated important that IT administrators need to deploy.

MS09-065, a bug in the Windows kernel, is this month's most serious issue, according to Andrew Storms, director of security operations at nCircle. That's because the vulnerability allows for remote code execution, and the attack code can be embedded inside Microsoft Office files or be hosted on web sites.

"Simply browsing an infected web site will compromise unsuspecting users -- not great for all the holiday shoppers looking to get a jump on their shopping," Storms said. "The novelty value of this bug is likely to attract many researchers. A lot of people will try to be the first to publicly post exploit code."

Interesting Vista Bugs

There are three vulnerabilities this month that target a listening service, noted Tyler Reguly, a senior security engineer at nCircle. While none of them are likely to be considered great candidates for exploit, he said, they are worth noting as they all primarily affect the enterprise.

"It is unlikely that the home user will be running a license-logging server or have Active Directory up and running," Reguly said. "While Web Services on Devices affects Vista and Server 2008, the attack vector requires that you be on the local subnet, meaning the home user is unlikely to see any real risk."

As a researcher, Reguly found MS09-063 to be the most interesting bug. The bug affects the Web Services on Devices API, a product only introduced in Vista. The bug appears to have already been fixed and released with Windows 7 RTM.

"The Web Services on Devices API attack interests me greatly, as it's remote code execution on a listening service," Reguly said. "I'm rather excited to dig deeper into this one and find out how it works."

Noteworthy Server Patches

There are also fixes for Microsoft Excel and Microsoft Word in Tuesday's release. MS09-067 addresses eight vulnerabilities in Microsoft Excel, none of which are publicly known. MS09-068 affects Microsoft Word and addresses one vulnerability that is not publicly known. In order for a malicious hacker to exploit these vulnerabilities, users would have to open a specially crafted Excel/Word document.
