Microsoft’s flurry of security bulletins this week made October the busiest month on record and has undoubtedly sent thousands of administrators scrambling to test and deploy fixes for some serious flaws that could quickly be exploited by worm writers.<\/p>\n","protected":false},"excerpt":{"rendered":"
The bulletins aim to patch a total of 22 newly discovered vulnerabilities — a new record for the software maker’s monthly Patch Tuesday program, according to a Microsoft spokesperson.<\/p>\n
Experts said IT managers should act fairly rapidly in getting the patches tested and deployed, because any number of the vulnerabilities — especially those that affect Internet-facing systems — could be quickly exploited by newly created or updated network intruders.<\/p>\n
Mark Loveless, lead security researcher at the BindView Corp., a Houston-based security and patch management vendor, said he’s not trying to be an alarmist when he suggests that admins act fast in deploying the patches. It’s just that the time it takes from the discovery of a bug to the introduction of a virus or worm that exploits that bug has narrowed considerably in recent years.<\/p>\n
Patch Tuesday — or Black Tuesday, as many administrators have taken to calling it — is the second Tuesday of each month, when Microsoft releases the newest fixes for its Windows operating system and related software.<\/p>\n
The bulletins released on the most recent patch cycle affect Windows NT, XP and Server 2003, as well as the Excel and Internet Explorer applications. Microsoft on Tuesday also re-issued patch MS04-028 from last month, outlining critical vulnerabilities in the way some applications read and display .jpg picture files.<\/p>\n
Loveless explained that the vulnerabilities most likely to be exploited are those that affect public or Internet-facing systems. These include, but are not limited to, the newly discovered vulnerability within the Network News Transfer Protocol (NNTP), a potential exploit within the Windows Server 2003 SMTP (Simple Mail Transfer Protocol) component, and a flaw in NetDDE, which allows different applications to share documents across computers.<\/p>\n
They suggest that IT managers take the commonly recommended steps of prioritizing, conducting a risk assessment and testing out all of their non-Microsoft applications for compatibility with the new patches prior to mass deployment.<\/p>\n
http:\/\/searchsecurity.techtarget.com\/originalContent\/0,289142,sid14_gci1015690,00.html<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29],"tags":[],"class_list":["post-574","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/574","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=574"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/574\/revisions"}],"predecessor-version":[{"id":3061,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/574\/revisions\/3061"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=574"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=574"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=574"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}