Protect your corporate IT network from hackers and other unwanted intruders with Proxy Sentinel™. Click here for all the details and get the peace of mind you deserve.
Back to our Homepage Proxy Sentinel™ high performance Internet proxy server and secure firewall solution Firewall Sentinel™ secure & powerful Internet firewall solution About Internet Security.ca and GCIS Frequently Asked Questions on Internet security issues Internet Security Industry News - Stay informed of what's happening Contact Internet Security.ca today and order your Proxy Sentinel™ or Firewall Sentinel™ server now!


Microsoft to issue seven security updates June 10

Google

Add to del.icio.us     Digg this story Digg this

June 6, 2008

Late yesterday, Microsoft said it would issue seven critical security updates next Tuesday, three of which are deemed very critical, in order to patch Windows components including versions 6 and 7 of Internet Explorer.

Andrew Storms, director of security operations at nCircle said Microsoft will also disable a vulnerable third-party program. "Maybe this is a new trend by Microsoft, issuing kill bit updates to mitigate risks," said Storms, referring to one of the seven updates. "Kill bit" is the term Microsoft uses to describe setting a flag in the Windows registry that disables a specific Active-X control.

Microsoft regularly advises users to set the kill bit in lieu of a formal patch for a control that may harbor a potential security hole.

Two months ago, Microsoft issued a kill bit update for an Active-X control distributed by Yahoo for its Yahoo Music Jukebox. At the time, Microsoft said it would lock down other vendors' software at their request by releasing fixes through Windows Update.

"If Microsoft was patching one of its own ActiveX controls, I would think it would say it's fixing something in 'ActiveX,' but because it's labeled this as 'kill bit,' it leads me to think that it involves a third-party," said Storms.

As mentioned earlier, Microsoft rated three of these seven security updates "critical," its highest threat ranking, while three are tagged "important," one step lower, and the seventh -- the kill bit update -- was marked as "moderate."

The critical updates will patch Bluetooth, DirectX and Internet Explorer in Windows, according to the pre-patch notification Microsoft issued late yesterday.

It's unlikely, however, that the IE update will address the vulnerability that Microsoft warned users about last week, said Storms. "It could," he offered, "but I don't think it would have something this quick." That security bug, when combined with a flaw in Apple Inc.'s Safari Web browser, leaves users open to attack, Microsoft said in a security advisory issued last Friday.

The seven-update list is one of the most diverse and interesting in a long time. It runs the gamut as far as the distribution of where they are in the operating system and software. The only thing we're missing is a vulnerability check for Excel or Outlook and we'd have one for everything that Microsoft makes."

Storms also called out the Bluetooth update as noteworthy. "A lot of people will be looking at this one too," he said. "Does the vulnerability carry over into the mobile side, or is it only around the desktop?" Bluetooth vulnerabilities, Storms added, are rare and often resemble the "man-in-the-middle" security bugs that are sometimes exploited in 802.11-based wireless scenarios.

The patch will fix IE6 and IE7 running in all supported editions of Windows, including Windows 2000, XP, Server 2003, Vista and Server 2008. Microsoft has pegged the IE fixes in the client operating systems as critical, but only as moderate on the server side.

Two updates -- one for Windows Internet Name Service (WINS) and the other for Active Directory -- affect only server software. While Microsoft rated both as important, Storms said enterprises may think differently. "Active Directory is such a critical core component. Large enterprises will certainly need to roll out these two, and it will take them some time, because of the testing they'll need to do."

The seven security updates will be posted on Microsoft's site Tuesday, June 10 at around 1 p.m. EST.

Add to del.icio.us     Digg this story Digg this

Source: Microsoft.

Google


Save Internet Security.ca's URL to the list of your favorite web sites in your Web browser by clicking here.

Become an authorized reseller of Proxy Sentinel™ and Firewall Sentinel™. Do like the rest of our authorized resellers and have your clients benefit the important security features of our products and solutions, while increasing your sales at the same time. Click here for all the details.


You can link to the Internet Security web site as much as you like. Read our section on how your company can participate in our reciprocal link exchange program and increase your rankings in the major search engines such as
Google and all the others.

Click here to order your Proxy Sentinel™ Internet security server today!

Proxy Sentinel™ is the most secure Internet proxy server on the market today. Click here for more information.
Site optimized by Pagina+™
Powered by Sun Hosting
Search engine keywords by Rank for Sales
Development platform by My Web Services
Internet Security.ca is listed in
Global Business Listing

| Home | Proxy Sentinel™ | Firewall Sentinel™ | FAQ | News | Sitemap | Contact |
Copyright © Internet Security.ca    Terms of use    Privacy agreement    Legal disclaimer