Patch Tuesday Vulnerabilities Include Two Key Servers
Microsoft issued four bulletins that address nine vulnerabilities for July’s Patch Tuesday, none of them critical. This is the first time since last year that none of the patches were rated critical.
With only four vulnerabilities rated “important,” IT administrators have some breathing room to get caught up and reassess their defense, researchers said.
“There are no patches rated critical this month, but there are a number of notable patches, including one addressing a new file type found in Vista,” said Ben Greenbaum, senior research manager at Symantec Security Response. “The Microsoft Windows Explorer Saved-Search File Remote Code Execution Vulnerability is the first report of a vulnerability using the new Search-MS file type, introduced in Vista.”
Focusing on High-Value Targets
Despite the obvious reprieve, organizations still need to pay close attention to the two security updates that address elevation of privilege on Microsoft SQL Server and Microsoft Exchange Server, said Don Leatham, director of solutions and strategy
“Both of these products can be high-value targets and these vulnerabilities could be considered critical, depending on the organization. Many corporations hold not only their basic business info, but also their customer/patient goods and critical intellectual property in Microsoft SQL Server databases, or transmit these types of details via Microsoft Exchange servers,” Leatham said.
Web Application Protection
The two Exchange vulnerabilities involve cross-site scripting (XSS) and underline again the growing importance of Web application security, according to Tyler Reguly, a security engineer for nCircle, a network security firm that works with companies like Safeway, ESPN and Archer Daniels Midland.
“In that case, the XSS would be in a specially crafted e-mail and could allow for full session hijacking,” Reguly said. “These vulnerabilities offer great opportunity for an attacker to snoop for additional…
Original post by Mike