Microsoft Patches 20 Vulnerabilities and Debuts Index

Microsoft’s October Patch Tuesday list is hauntingly large. Redmond issued 11 bulletins that address 20 vulnerabilities, nine of them rated as critical.

This month’s Patch Tuesday also delivered a first: Microsoft’s rankings of how likely it is for a hacker to exploit each vulnerability.

The two critical server-side vulnerabilities in Active Directory and Host Integration Server are of the greatest concern and have the potential to be quite severe, according to Ben Greenbaum, senior research manager for Symantec Security Response.

“Server-side vulnerabilities are still the mechanism of choice for attackers to modify trusted resources, and they are dangerous considering they do not require any user interaction and can lead to complete compromise of the host computer,” Greenbaum said. “Once a server is compromised, the attackers typically embed further attacks against that server’s users in public-facing substance.”

Rethinking ‘Trusted’ Applications

MS08-56, MS08-57, and MS08-58 are client-side vulnerabilities, and Internet Explorer and Microsoft Office are targets. As the number of client-side vulnerabilities continues to increase, IT admins need to rethink what the average user considers to be a trusted application, according to Tyler Reguly, a security engineer at nCircle.

“If I were to ask my wife, who works in an office, whether she had to be concerned about Microsoft Office protection when she goes online, she’d most likely ask me why. That is considering she thinks of it as an application on the computer,” Reguly said.

Reguly’s point is this: people trust Office because they don’t think about interacting with it online. However, he noted, a Google search could just as easily return a file that takes advantage of Office vulnerabilities as it could IE vulnerabilities. As more of these vulnerabilities are exploited, he continued, it’s critical for people to learn that they can’t trust these traditionally “local” applications.

Meanwhile, vulnerabilities like MS08-061, MS08-064 and MS08-066,…

Original post by Mike
