Microsoft's Patch Tuesday Report for Nov. 11
November 13, 2008
As is almost always the case every second Tuesday of the month, Microsoft's small number of security patches sent on Nov. 11 included a fix that reportedly goes back to at least early 2001.
One of them was for a critical security hole in XML core services, which could allow RAM memory corruption and then trigger some harmful code execution, and then another flaw in SMB (Server Message Block).
SMB is code which allows file shares over a network, and Microsoft labels the flaw as "important" but security watchers at the Internet Storm Center gave it a more severe "critical" rating.
The security flaw was first demonstrated at a hacking conference more than seven years ago. Tests for the vulnerability have been available since July of last year, however.
Microsoft does acknowledge that security checking software such as Metasploit have been able to carry out an attack based on the SMB vulnerability without saying how long the flaw has been around.
Security holes in the NTLM Authentication that is the subject of this week's patch were demonstrated at Defcon as far back as over eight years ago, according to BugTraq postings.
At this time, it's still unclear why it took so long for Microsoft to fix the hole. A more detailed explanation of both vulnerabilities that are the topic of this month's patch list can be found in Microsoft's summary on its site.
Become an authorized reseller of Proxy Sentinel™ and Firewall Sentinel™. Do like the rest of our authorized resellers and have your clients benefit the important security features of our products and solutions, while increasing your sales at the same time. Click here for all the details.
You can link to the
Internet Security web site as
much as you like. Read our section on how your company can participate in our
reciprocal link exchange program
and increase your rankings
in the major search engines such as
Site optimized by Pagina+™
Powered by Sun Hosting
Search engine keywords by Rank for Sales
Development platform by My Web Services
Internet Security.ca is listed in
Global Business Listing