Wednesday, April 13, 2011

Windows Update


It’s a new record for Microsoft. On Tuesday, the software giant addressed 64 security vulnerabilities, 30 of which arrived in a single bulletin. Of the 17 (that's 17!) bulletins released, nine were deemed critical. Considering the products covered, it’s going to be a long month for some IT shops.

“When I take a look at the list of bulletins for today, only one word comes to mind: overwhelming. I'm glad I only have to develop detection of these vulnerabilities once and not apply the patches to thousands of systems,” commented Tyler Reguly, technical manager of Security Research and Development for nCircle.
Most experts commenting on this month’s patch release are split when it comes to picking a single patch that should receive top priority in IT.
“It’s a toss-up between the Internet Explorer and SMB patches,” offered nCircle’s director of Security Operations, Andrew Storms.
“Two of the bugs being patched in IE are already being targeted so it should be at the top of the list,” said Storms.
“On the other hand, the SMB server bug is a ‘network aware’ vulnerability that reminds me of MS08-067, the vulnerability that the famous Conficker worm exploited,” he added. “If I absolutely had to pick between the two bugs, I would patch IE first and then immediately patch SMB. You can't delay either of these two patches this month.”
April’s patches cover problems within Microsoft Windows, Microsoft Office (PowerPoint, Excel, and WordPad), Internet Explorer, Visual Studio, .NET Framework and GDI+.
The largest Windows-focused patch centers on the kernel, with an update to win32k.sys that addresses 30 vulnerabilities on its own. Also of note is the patch for the PWN2OWN bug exploited during this year's CanSecWest event.
Another interesting patch is MS11-030 (Vulnerability in DNS Resolution), which allows only elevation of privilege on Windows XP SP3 and 2003, yet allows remote code execution on Windows Vista, 2008 and 7.
“This means that anyone that has deployed newer versions of Windows should make sure they carefully review this bulletin,” added Josh Abraham, security researcher at Rapid7.
Given the existing issues with Internet Explorer (MHTML) and the critical nature of SMB, we agree with Storms’ suggested patch priorities. Yet no two IT shops are the same, so focus on what’s most important in your environment, especially if you have the newer operating systems deployed.
Sources: http://www.thetechherald.com
