Merry Christmas – Microsoft has a gift for you!

December 14, 2010

Microsoft is releasing another 17 updates addressing 40 vulnerabilities in Microsoft Windows, Office, Internet Explorer, SharePoint and Exchange. Of the 17, two bulletins are rated Critical, 14 are rated Important, and one is rated Moderate.

A serious remotely exploitable bug in Internet Explorer has cropped up, and exploit code for the new bug is publicly available. The flaw affects IE 8, IE 7 and IE 6 running on most of the currently supported versions of Windows, including Windows 7, Windows Vista and Windows XP SP3. The vulnerability could be exploited by remote attackers and used to take complete control of a vulnerable system.

Implications:

Patch management and security event monitoring are a continuous and critically important job. Organizations should continually monitor the CERT and SANS sites for the disclosure of new security vulnerabilities and updates. “Best Practice” dictates that you log each new vulnerability/update and your determination of its applicability to your environment. If it is determined to apply, you should follow your methodology for applying updates and ensuring the success of their installation.

While some organizations might be tempted to say “We don’t have the resources to follow your recommendations!”, we encourage you to resist raising a white flag and instead recommend reallocating your scarce resources to make patch management and security event monitoring an absolute priority.

Why? Our stance is now more stringent than ever before. In our view the game has changed. We are no longer battling the pimple-faced script kiddie who might try to hack our systems. We are battling the Russian Business Network, organized crime, foreign governments, criminal hackers and hacking enthusiasts. We simply can no longer afford to be patient with your patch management.

TrustCC’s security vulnerability and penetration testing services will evaluate whether your current security patch management practices are effective.

Following are the CERT and SANS websites.

CERT: http://www.us-cert.gov/current/

SANS Storm Center: http://isc.sans.edu/index.html

– TAG
