Tuesday, January 10, 2012

Microsoft Delivers 7 Fixes in January Security Update

As promised in its advance notification last week, Microsoft released seven security bulletins for this month.

Only one has been deemed "critical," with the remaining described as "important." The critical fix, bulletin MS12-004, addresses two privately reported issues in Windows Media Player that could allow an intruder to carry out a remote code execution attack if a specially designed media file were to be downloaded and opened.

Media players represent easy targets for attackers, according to Marcus Carey, a security researcher at Rapid7.

"This [bulletin] should serve as a reminder that we should expect researchers and attackers to continue to exploit client applications such as media players and browsers," said Carey. "In fact, media players are the target of non-stop fuzzing: the process of throwing the kitchen sink at an application to find where it breaks."

Microsoft's first important item of the month, bulletin MS12-001, is noteworthy for being classified as a "Security Features Bypass." That vulnerability impact designation represents a first for a Microsoft bulletin. This item blocks a reported problem in which an outsider could bypass the SafeSEH features in Microsoft C++ .NET. If exploited, the flaw could allow an attacker to bypass security protocols and load harmful code on a machine.

Many third-party security experts, including Joshua Talbot, a security intelligence manager at Symantec Security Response, believe that this important item should be put at the top of IT's "to-do" list.

"Although only rated important, we actually picked the Assembly Execution Vulnerability as the most severe issue this month," said Talbot. "The vulnerability is due to an oversight that allows an attacker to run malware as soon as a user opens a Word or PowerPoint file. E-mail attachments will probably be the most common attack method in which this vulnerability is exploited."

Another notable bulletin this month includes a fix for a Secure Sockets Layer (SSL) 3.0 and Transport Layer Security (TLS) 1.0 flaw that could be exploited with a toolkit called BEAST, which was demonstrated last September. According to those demonstrating the flaw, an attacker could have malicious code uploaded and executed on a computer within 10 minutes.

In response, Microsoft released Security Advisory 2588513 that documented a possible workaround. The advisory notes that Microsoft is working on a permanent fix. The plan was to release the bulletin in last month's security update, but Microsoft had to pull it at the last moment when it encountered compatibility issues with third-party software.

Three of the four remaining important bulletins target two remote code execution vulnerabilities and one elevation of privilege flaw in Windows, while the final bulletin deals with an information disclosure issue in Microsoft's Anti-Cross Site Scripting (AntiXSS) Library.

Detailed information and suggestions for the deployment of January's security update can be found here. Most of the fixes will require a restart to take effect.
