Microsoft Security Fixes Arrive With More Vulnerabilities

Published: 22/11/2024   Category: security




Computer security looks more and more like a game of Whac-A-Mole.



Microsoft on Tuesday released 12 security bulletins addressing 22 vulnerabilities as part of its regularly scheduled patch cycle.
Five of the vulnerabilities are designated critical and should be patched as soon as possible. Affected software includes Internet Explorer, Office, and Windows.
Microsoft's security patch closes three zero-day vulnerabilities related to Internet Explorer Cascading Style Sheets (CSS), Windows thumbnail images, and an IIS FTP flaw. HP/TippingPoint's Zero Day Initiative (ZDI), however, disclosed five new ones: four affecting Excel and one affecting PowerPoint.
The IE CSS flaw is being actively exploited, according to Symantec, and should be fixed immediately. The relevant patch, MS11-013, covers two privately reported vulnerabilities. Joshua Talbot, security intelligence manager with Symantec Security Response, expects that if cybercriminals are able to reverse engineer the patch, we will see attempts to exploit the related uninitialized memory corruption vulnerability.
It's going to be a particularly busy month of patching. Adobe is expected to release a security update on Tuesday while Oracle is expected to release its quarterly security update later in February. And ZDI on Monday, per its disclosure policy, published 21 zero-day vulnerabilities affecting various enterprise vendors, including Microsoft.
"These vulnerabilities were made public before the patches were actually available because the advisory had been in the vendor's hand for longer than 180 days," explained Qualys CTO Wolfgang Kandek.
Microsoft has been frequently criticized for its slow response to security flaws. Last summer, a team of Google security researchers in a blog post wrote, "We’ve seen an increase in vendors invoking the principles of responsible disclosure to delay fixing vulnerabilities indefinitely, sometimes for years; in that timeframe, these flaws are often rediscovered and used by rogue parties using the same tools and methodologies used by ethical researchers."
Microsoft has continued to defend its view of what responsible disclosure should be and characterized Google's approach as amplifying risk.
In addition to its monthly security patch, Microsoft also released a security advisory stating that it has released an update to its Autorun feature that will restrict AutoPlay functionality to CDs and DVDs. If deployed, this update will reduce the danger posed by USB thumb drives, which can be rigged with malware designed to infect through the Autorun mechanism.
"[T]he delivery of the disabled Autorun for thumb drives is a huge increase in security for users," said Tyler Reguly, technical manager of security research and development for nCircle, in an e-mailed statement. "Malware commonly spreads via Autorun, and lately we've seen malware ship on a large number of consumer products, so this added protection can only be good for the end user."
