Welcome Break from Microsoft While IT Deals with SSL Cert Issues
Paul Henry - September 13th, 2011
September’s Patch Tuesday from Microsoft is rather light with only 5 Bulletins – none of which are critical.
MS11-070 Elevation of Privilege, Vulnerability in WINS
MS11-071 Remote Code Execution, DLL Linking
MS11-072 Arbitrary Code Execution, Microsoft Excel
MS11-073 Code Execution, Microsoft Office
MS11-074 Elevation of Privilege, Sharepoint
Even with no vulnerabilities rated critical this period, the importance of quickly deploying these upcoming patches should not be overlooked. Prioritize the remote code execution issues first, led by MS11-071, MS11-072 and MS11-073, followed by the privilege escalation issues MS11-070 and MS11-074.
In light of the current DigiNotar certificate issues (including the latest threat by the hacker to exploit the Microsoft Windows Update service), the handling of potentially compromised digital certificates is currently top of the list for most IT pros this period. Many IT professionals are already busy replacing their server certificates and updating user browser / OS software to revoke trust in compromised certificates, so this Patch Tuesday is a welcome break.
Mozilla is being very aggressive in dealing with the issue and has sent a communication to all CAs with root certificates in NSS requesting immediate action. This seems to allude to the fact that other CAs could face the same demise seen at DigiNotar if they are not cooperative and forthcoming. http://groups.google.com/group/mozilla.dev.security.policy/browse_thread/thread/bf2deb09824418fb?pli=1
Unfortunately, we have already established a dismal record for the start of the second half of 2011 with over 40 high profile breaches in just the first month of the period. Hmmm I hate to say it, but this sounds familiar. That’s one prediction I’d like to say I got wrong.
