|
Shavlik Technologies statement on today’s Patch Tuesday release - 1/12/10
by Jason Miller |
|
Microsoft has released one new security bulletin for January. This Patch Tuesday also marks the quarterly security bulletin release for Adobe. The highly publicized exploit for Adobe Acrobat and Reader will be patched today.
Unlike most months, what the bulletin administrators should look at first is the Adobe patch when it is released later today. This bulletin will patch vulnerabilities that are currently in the wild affecting users. With any zero-day exploit, it is important to address the issue as soon as possible.
Microsoft’s bulletin, MS10-001, affects the way the operating system handled Embedded OpenType (EOT) Fonts. Because EOT fonts are typical on websites, it is important to patch client systems first. A vulnerable client system needs only to visit a website containing malicious EOT fonts to allow remote code execution on the machine.
| - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | ||
 |
The Top 10 Reports for Managing Vulnerabilities | |
| - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | ||
Even though this bulletin affects all operating systems, Windows 2000 is the only operating system with a high severity rating. It is rated as "Critical" by Microsoft with the remaining operating systems rated as "Low." This is because Windows 2000 actively uses the vulnerable code to decompress the EOT files. The other operating systems do not use this code to do this. Although, Microsoft is rating this as Low instead of not applicable because it could be theoretically possible to have a third party program use the code on these operating systems. The likelihood of this scenario is extremely low. This bulletin addresses one vulnerability that is not publically known at this time.
This may seem like an extremely light month for new Microsoft Security Bulletins, but the past few years has shown us this trend:
- January 2009 – 1 Security Bulletin
- January 2008 – 2 Security Bulletins
- January 2007 – 2 Security Bulletins
Administrators should be prepared for next month if the trends hold true:
- February 2009 - 4 Security Bulletins
- February 2009 - 11 Security Bulletins
- February 2009 - 11 Security Bulletins
Tags: Adobe Security Advisory, Microsoft Security Bulletins, Zero-Day Exploit
This entry was posted on Tuesday, January 12th, 2010 at 11:40 AM and is filed under Community Manager, Patch Tuesday, Security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.
|
| Our New Offices... Our offices recently underwent a redesign of its own. Here are some photos of our new digs.... How To Find Your Next Job Using Social Media I'm attending the next WebGuild Event on an interesting topic about yet another means for tapping into your social network: How To Find Your Next Job Using Social Media. The event is on Tuesday, August 17, 2010 from 6-9:00 PM... POLL: Treatment of Link Tips Versus Standard Links We've been working on better differentiating on our site standard hyperlinks from link tips which render a popup callout bubble. What's your vote? QUESTION 1: Option 1: Do you prefer the 'help' cursor onmouseover for link tips? Option 2: Or... |
|
| PayPal UK Launch Security Key - Guest Posting from PayPal I am happy to say they are using VeriSign Identity Protection to deliver this, which means that PayPal Customers will be able to use their token at other sites who join the VIP network. PayPal are the first UK members of the network, but there are around 30 other members in different countries around the world so you can expect to see more places where you can use your token in the UK appearing shortly. Facebook scam - Part 2 This just in from the BBC web site, Symantec have identified a virus that steals user names and passwords, nothing new there. But, if I understand this right, it is delivered through a Facebook invitation from someone you don't know and delivers malware which can then steal user names / passwords and also keylog credit card info. Survey finds passwords are not secure - well d'uh! I don't think the vendor community has been crying wolf about the problems that stronger authentication solves, more like highlighting that this problem is here and growing. Well the discussion I have had recently with many different organisations across many different industries are now resulting in more and more consumer projects in this area |
|
| Cloud Identity, Trust and the Liability Elephant. I have been involved with a couple similar initiatives around certification for identity and thought it would be interesting to explain the logic behind these efforts. The first initiative is led by the Open Identity Exchange and is based on... Greek Heroes, Facebook and Trust When Achilles was a baby, the oracle predicted that he would die in battle from an arrow. Thetis, Achilles' mother who did not want her son to die decided to dip Achilles' body into the water of a river that... PCI for the Cloud For most enterprise and security vendors, the cloud is fascinating both as a technology and a business disruptor. In fact, SAAS CEOs such as Successfactor, SalesForce and NetSuite are hot shots in Silicon Valley these days. Yet, most of us... |
|
