This month’s Patch Tuesday has headache written all over it
- 15 August, 2007 11:14
<p>“This month’s Patch Tuesday has headache written all over it,” said Chris Wood PatchLink ANZ Director. “Although this is not Microsoft’s biggest Patch Tuesday in terms of number, the details of the patches indicate a broad-spectrum of exposure. The potential attack vectors exposed by these vulnerabilities include direct OS targeting (including Vista x32 and x64), fully patched Internet Explorer 6 and 7, XML core services, Windows Media Player and Office. This is a target rich environment for hackers. Organisations need to remediate these vulnerabilities as quickly as possible to falling victim to quick turnaround exploits.”</p>
<p>“All six critical patches require system reboots. Along with two of the ‘important’ patches, the critical patches all address vulnerabilities that, if exploited, could allow remote code execution of PCs enabling and allow hackers to complete control of the system. This creates a nightmare scenario, and is not far off from complete administrator access—the favorite attack vector.”</p>
<p>“One of the critical patches affects Office running on a variety of Windows operating systems as well as Office 2004 for Mac. This is part of an alarming trend: dozens of vendors have already issued remote code execution patches and advisories this month. There are an increasing number of attacks occurring at the application layer, illustrating the need for a cross-platform vulnerability management strategy. Only paying attention to Microsoft—no matter how serious this round of patches may be—does not promote a secure foundation. Organisations must be vigilant across all their applications and operating systems.”</p>
<p>“Some of the patches that labeled ‘important’ should be treated as critical. For instance, #6 addresses a vulnerability that allows remote code execution through Windows Media Player. This is only given a rating of ‘important’ because it requires some form of user interaction, but many users browsing the Internet are viewing media. Even if an organisation blocks certain Web sites or Active content, they typically don’t block streaming media which could easily trick users into compromise if this vulnerability is exploited.”</p>
<p><b>Note To Editor</b></p>
<p>If you would like to discuss in detail with Chris Wood, PatchLink ANZ Director, please contact Sarah on 02 9212 3848 or firstname.lastname@example.org</p>
<p><b>About PatchLink® Corporation</b></p>
<p>PatchLink, a global leader in vulnerability management solutions, provides the industry’s first comprehensive security platform for unified protection and control of all enterprise servers and endpoints. More than 5,000 organisations around the globe use PatchLink’s positive security model solutions to integrate management and administration, consolidate infrastructure, enforce enterprise-level policies, lower cost of ownership and reduce risk. PatchLink is headquartered in Scottsdale, Arizona and was founded in 1991 by Sean Moshir.</p>
<p>©2007 PatchLink Corporation. All rights reserved. PatchLink, SecureWave, the PatchLink logo, and the PatchLink and Sanctuary product names and logos are either registered trademarks or trademarks of PatchLink Corporation. In addition, other companies’ names and products mentioned in this document, if any, may be either registered trademarks or trademarks of their respective owners.</p>
- Tech giants unite in stance against government cyber attacks
- Patriot games: NAB CTOO Patrick Wright’s tech insourcing play
- How Ricci Jandu and his team are resuscitating failing tech at two Queensland hospitals
- What happened to Facebook’s 'revenge porn' prevention pilot?
- How can businesses protect their customers as well as the value of data?