Microsoft to release three patches next week, but no patch for Internet Explorer zero-day flaw   Leave a comment

Microsoft is to release three updates to address 11 vulnerabilities on its Patch Tuesday for November.

The patches include one critical issue and one important issue in Microsoft Office and one important vulnerability in its Unified Access Gateway (UAG).

Wolfgang Kandek, CTO of Qualys, said: “A ‘critical’ rating on an Office program is fairly rare, most vulnerabilities on the Office suite are categorised as ‘important’ because they typically require user interaction to get a successful exploitation.

“Critical here indicates a vulnerability that can be used to take control of the target machine without user interaction, such as MS10-064, where visualising an email in Outlook’s preview pane was sufficient to trigger the flaw.”

Alan Bentley, SVP International at Lumension, said: “Following the biggest patch Tuesday on record last month, Microsoft is catching its breath with just three bulletins to be issued for November. Only one is critical, but all three may require a restart.

“So it might be a quieter month on the Microsoft front, but IT managers will still have their hands relatively full with a number of other notable patches from Adobe, Mozilla and Linux to contend with.”

Bentley also referenced the zero-day flaw which affects three versions of Internet Explorer, which while active in the wild is still unpatched. Microsoft said that it has released a workaround to the flaw and that it takes this action very seriously and where possible, will take legal action against those responsible.

Jerry Bryant, group manager of response communications at Microsoft’s Trustworthy Computing Group, said: “We are working to develop a security update to address this attack against our customers. The issue does not meet the criteria for an out-of-band release. However, we are monitoring the threat landscape very closely and if the situation changes, we will post updates on the MSRC blog.”

Bentley said: “This could leave many users waiting for more than a month before they know they are fully protected from this threat, because a workaround typically is not implemented by the majority of users. On the run up to Christmas, with industry experts predicting online shopping in the UK to increase by 23 per cent from 2009, it seems rather surprising that Microsoft have not prioritised a patch.

http://www.scmagazineuk.com/microsoft-to-release-three-patches-next-week-but-no-patch-for-internet-explorer-zero-day-flaw/article/190225/?DCMP=EMC-SCUK_Newswire

Advertisements

Posted November 11, 2010 by axxerainc in Uncategorized

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: