Microsoft, Adobe unleash flood of security updates
- 14 September, 2011 05:45
Today is Patch Tuesday again. The ninth of the year already. Microsoft has released five new security bulletins, and Adobe has joined the party with some security patching of its own today. With all of the vulnerabilities and updates, though, you need to take a step back to prioritize and figure out which patches are most urgent.
Actually, today is a bit anti-climactic. Due to human error the full security bulletins were made public briefly on Friday, so there has already been a four-day heads up of what to expect. But, now that the security bulletins and associated patches are legitimately public, it's time to take a closer look.
Five security bulletins isn't the lightest month ever, but it is far fewer than some of the Patch Tuesday avalanches we have seen. What is even more unique is that none of the five security bulletins are rated as Critical. All five of the bulletins--MS11-070 through MS11-074--are all rated Important.
"Although none of this month's patches are rated critical, we strongly urge users to pay extra close attention to the Office Uninitialized Object Pointer Vulnerability," said Joshua Talbot, Security Intelligence Manager for Symantec Security Response. "It seems to be a fairly easy to exploit memory corruption issue and leverages extremely common Word files to attack users' computers."
Tyler Reguly, Technical Manager for Security Research and Development at nCircle, explains, " If you're prioritizing bulletins today, it's pretty simple: Excel (MS11-072) comes first, followed by the rest. Some of the more interesting patches (Sharepoint and WINS) only apply to certain software configurations."
Talbot also stresses, though, "Despite the number of patches Microsoft issued today, it's important to not let the out of band advisory Microsoft updated last week slip through the cracks. The advisory essentially revokes Microsoft's trust of various DigiNotar certificates."
Andrew Storms, Director of Security Operations for nCircle concurs on the urgency of the DigiNotar trust revocation. "Microsoft continues its effort to be vigilant about the DigiNotar certificates and is releasing another DigiNotar update. This time it is 'nuking' more certificates related to DigiNotar, specifically ones that were cross-signed by other certificate authorities. Anything and everything associated with DigiNotar is getting purged."
Symantec's Talbot urges, "This update should probably be kept at the top of IT admins' to-do lists--even before any of today's patches-- as there are attacks occurring in the wild leveraging the compromised certificates."
The Microsoft Patch Tuesday is overshadowed to some extent by Adobe's security patch release.
Storms cautions, "In what might be a first time event, Adobe released a batch of 13 CVE's early this morning before the Microsoft patch. It's a definitely improvement over their previous late afternoon releases, but it's still a 'classic' Adobe patch in that we have very little information about the bugs being fixed in the patch. The bad news is that most of them could result in the worst kind of security outcome--remote code execution."
Make sure you check out the patches released by Microsoft and Adobe today and apply the appropriate updates to protect your systems.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.
- Microsoft Security Bulletin Summary for September 2011
- Viruses - Spyware - Internet Protection - Latest New Computer Viruses : Security Response
- Apple Silent on DigiNotar Certificates Hack : PCWorld Business Center
- Dutch Government Struggles to Deal With DigiNotar Hack : PCWorld Business Center
- Adobe - Security Bulletins: APSB11-24 - Security updates available for Adobe Reader and Acrobat
Yahoo Mail still down for some users, after an attempted fix
Queensland government to provide 200 services online by 2015
CIOs need to get their house in order, CFO panel says
Is Data Complexity Blinding Your IT Decision-Making?
Why IT projects really fail
Case Study: The True Value of Conference Calling
In a study by the University of Bradford study, we look at the benefits of a strong telepresence and how organisations can become faster, more focused and environmentally responsible. Click to download!
Securing Virtual Desktop Infrastructure
Today’s enterprises are rapidly adopting desktop virtualisation as a means to reduce operating costs, enable workplace flexibility, increase business agility and bolster their information security and compliance posture. Actually realising these benefits, however, depends upon ensuring the security and availability of the virtual desktop infrastructure. Find out how you can not only preserves the benefits promised by virtual desktops, but how it can maximise them. Click to download!
Building a Strategic Archive
For years, most companies have dealt with the evolving dynamics of data archiving by addressing an immediate need rather than building a long-term strategy. But over time, putting all information on costly storage is likely to be very expensive. This whitepaper explains why it’s time for organizations to start to strategically evaluate archive solutions for capabilities they need, both now and in the future. While no technology is future proof, an archiving solution can make you “future ready.”