Microsoft, Adobe unleash flood of security updates
- 14 September, 2011 05:45
Today is Patch Tuesday again. The ninth of the year already. Microsoft has released five new security bulletins, and Adobe has joined the party with some security patching of its own today. With all of the vulnerabilities and updates, though, you need to take a step back to prioritize and figure out which patches are most urgent.
Actually, today is a bit anti-climactic. Due to human error the full security bulletins were made public briefly on Friday, so there has already been a four-day heads up of what to expect. But, now that the security bulletins and associated patches are legitimately public, it's time to take a closer look.
Five security bulletins isn't the lightest month ever, but it is far fewer than some of the Patch Tuesday avalanches we have seen. What is even more unique is that none of the five security bulletins are rated as Critical. All five of the bulletins--MS11-070 through MS11-074--are all rated Important.
"Although none of this month's patches are rated critical, we strongly urge users to pay extra close attention to the Office Uninitialized Object Pointer Vulnerability," said Joshua Talbot, Security Intelligence Manager for Symantec Security Response. "It seems to be a fairly easy to exploit memory corruption issue and leverages extremely common Word files to attack users' computers."
Tyler Reguly, Technical Manager for Security Research and Development at nCircle, explains, " If you're prioritizing bulletins today, it's pretty simple: Excel (MS11-072) comes first, followed by the rest. Some of the more interesting patches (Sharepoint and WINS) only apply to certain software configurations."
Talbot also stresses, though, "Despite the number of patches Microsoft issued today, it's important to not let the out of band advisory Microsoft updated last week slip through the cracks. The advisory essentially revokes Microsoft's trust of various DigiNotar certificates."
Andrew Storms, Director of Security Operations for nCircle concurs on the urgency of the DigiNotar trust revocation. "Microsoft continues its effort to be vigilant about the DigiNotar certificates and is releasing another DigiNotar update. This time it is 'nuking' more certificates related to DigiNotar, specifically ones that were cross-signed by other certificate authorities. Anything and everything associated with DigiNotar is getting purged."
Symantec's Talbot urges, "This update should probably be kept at the top of IT admins' to-do lists--even before any of today's patches-- as there are attacks occurring in the wild leveraging the compromised certificates."
The Microsoft Patch Tuesday is overshadowed to some extent by Adobe's security patch release.
Storms cautions, "In what might be a first time event, Adobe released a batch of 13 CVE's early this morning before the Microsoft patch. It's a definitely improvement over their previous late afternoon releases, but it's still a 'classic' Adobe patch in that we have very little information about the bugs being fixed in the patch. The bad news is that most of them could result in the worst kind of security outcome--remote code execution."
Make sure you check out the patches released by Microsoft and Adobe today and apply the appropriate updates to protect your systems.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.
- Microsoft Security Bulletin Summary for September 2011
- Viruses - Spyware - Internet Protection - Latest New Computer Viruses : Security Response
- Apple Silent on DigiNotar Certificates Hack : PCWorld Business Center
- Dutch Government Struggles to Deal With DigiNotar Hack : PCWorld Business Center
- Adobe - Security Bulletins: APSB11-24 - Security updates available for Adobe Reader and Acrobat
Trust issue looms large for tech companies capitalizing on personal data
5 women who've made it in IT
Five trends affecting legal CIOs
CIO Roundtable: The changing face of security
Bitcoin malware count soars as cryptocurrency value climbs
How to Successfully Select an ERP System
An Enterprise Resource Planning (ERP) system is a series of software applications that collect and compiles data from different departments to enhance collaboration and co-ordination within the business. If you’re looking to implement your first ERP system, or to upgrade from an existing system, this whitepaper offers eight simple steps for selection that will lead to long-term strategic success.
The Power of Transformational Knowledge
Apple saves $5 million a year on case and email deflection, while its agents find information 47 per cent faster than before they invested in something called Transformational Knowledge. In today’s consumer-empowered marketplace, you cannot afford negative customer experiences. However many companies lack the tools and processes required to empower their employees to deliver great customer experiences. In this whitepaper, we look at how to breakdown silos and deliver great customer experiences.
‘A Little Extra Service’ Raises Customer Satisfaction and Lowers Costs
Companies are responding to the digital generation’s preference for online support, with new channels like Live Chat and Email Management. These mobile-friendly solutions give customers the right answers at the right time, when self-service just isn’t enough, and phone calls are undesirable. Read about these new touch points and the importance of a personalized web self-service.