
Microsoft has decided to end the patch year with a bang by scheduling seven security Patch Tuesday updates to fix flaws in Windows and Internet Explorer.
Despite just celebrating its first birthday, Vista is affected by five of the seven updates. "That's no small percentage," wrote Andrew Storms, director of security operations at nCircle. "This perpetuates the fact that even though Microsoft said it was secure, it still needs plenty of patches."
Three of the patches are rated as critical. Alan Bentley, regional vice president of Lumension for Europe, Middle East and Africa (EMEA), said: "After a light Patch Tuesday in November, security administrators will have their hands full this month."
The three critical patches all address remote code execution, and Bentley said they should be rolled out as quickly as possible. "The vulnerabilities are web-based, and hackers can prey on unsuspecting end-users by dropping malicious code into videos and other media on legitimate websites," he added.
"This is particularly troublesome because attackers can prey on users as the weakest IT security link by posting seemingly harmless videos on YouTube, MySpace, Facebook or similar sites. If a user watches one of these infected videos, malware will execute, compromise their machine and put the entire network at risk."
These critical vulnerabilities could also be exploited directly through web-based email. "This will allow hackers to target individual users or user groups, making attacks much more difficult to identify," Bentley said.
One of the critical vulnerabilities (bulletin seven) affects both Internet Explorer (IE) 6 and IE 7. He said: "This is concerning since it will affect the entire Internet Explorer user community. It is vital to deploy this patch as quickly as possible because it affects a larger number of users than is typical."
