Shavlik Statement on June Patch Tuesday

"Today’s Patch Tuesday could be one of the more challenging ones for IT administrators this year. Today, Microsoft has released 10 new security bulletins for the June 2010 edition of Patch Tuesday. These 10 bulletins address a total of 34 vulnerabilities.

Two security advisories have been closed by Microsoft as the vulnerabilities have been addressed in two new bulletins:

KB980088 – MS10-035: Internet Explorer
KB983438 – MS10-039: SharePoint

Two bulletins are most urgent and administrators should address them first. MS10-033 addresses two vulnerabilities in Windows that could lead to remote code execution. This bulletin affects Windows media, which is very common with popular social media networking applications. Opening a specially crafted media file or connecting to a malicious server streaming media content can lead to remote code execution. The days of solely focusing on Internet Browsers for patching have changed and Microsoft is very focused on fixing vulnerabilities in their media formats and players. As we move towards a media-centric audience, attackers are focusing more and more on media players to go along with browser attacks. I can guarantee that someone on your network, right now, is browsing the Internet looking for a video with Tom Cruise’s Tropic Thunder character Les Grossman dance routine from the MTV Movie Awards and there’s a good chance one of those video files has been compromised.

MS10-035 is the bi-monthly release of the Cumulative Security Update for Internet Explorer. This bulletin fixes six vulnerabilities where a successful attack can lead to remote code execution. Internet Explorer is one of the most targeted applications for attackers, so Shavlik recommends that administrators address this bulletin immediately.

There are a couple of bulletins that require extra special attention from administrators this month. While patching software has made patch management easier, administrators need to research the bulletins each month for little pieces of information that could adversely affect your network security. For example, MS10-036 has a product that is vulnerable but does not have a patch supplied from Microsoft. Microsoft Office XP SP3 is vulnerable but there are actions you can take to mitigate this vulnerability. If possible, you can upgrade your Office installations to Office 2003 or 2007 as Microsoft is supplying patches for those products. If this is not possible, Microsoft is providing a workaround FixIt tool that will protect against the vulnerability (KB983235). In addition, Microsoft Office 2003 and 2007 must be upgraded to the latest service pack level as well as having the bulletin applied to fix the vulnerability.

Lastly, MS10-040 has a special case for Windows 2003, Vista and 2008 installations. These systems will only be vulnerable if Extended Protection For Authentication has been previously installed. Shavlik encourages IT administrators to move quickly to patch their systems to protect against a large number of vulnerabilities this month."


About Shavlik

Shavlik, a global leader in simplifying the complexity of IT management, is dedicated to significantly reducing the time-to-value for IT professionals from months to minutes. Shavlik’s Protect, Configure, SCUPdates and Management Intelligence are some of its on-premise and cloud-based solutions that enable customers to manage both physical and virtual machines, deploy software, discover assets, simplify configuration, control power usage and ensure endpoint security. By bringing the sophisticated capabilities enjoyed by large companies to organizations of all sizes and types, Shavlik is driving the democratization of IT.
