Microsoft Tuesday released six patches that address 15 vulnerabilities. Here's a look at what security experts are saying about the vulnerabilities, patches and what should concern users.
"There are three vulnerabilities this month that target a listening service. While none of them are likely to be considered great
candidates for exploit, they are worth noting as they all primarily affect the enterprise. It is unlikely that the home user
will be running a license logging server or have Active Directory up and running. While Web Services on Devices affects Vista
and Server 2008, the attack vector requires that you be on the local subnet, meaning the home user is unlikely to see any
real risk."
-- Tyler Reguly, senior security engineer for nCircle
"MS09-066 affects corporate networks as it addresses a vulnerability in Active Directory. A successful exploit can result
in denial-of-service on the system. This vulnerability will be difficult to exploit though. All operating systems other than
Windows 2000 require valid credentials to send a specially crafted packet. If an attacker already had valid credentials, they
would do more damage than a denial-of-service attack on a server. For Windows 2000 servers, like MS09-064, these machines
should be patched immediately. A specially crafted packet sent to a Windows 2000 machine can result in an unresponsive machine
that requires an unscheduled reboot."
-- Jason Miller, data and security team leader for Shavlik Technologies
"The Embedded OpenType font kernel vulnerability [MS09-065] is the most serious in our opinion. Not only is proof-of-concept
exploit code publicly available, but all that's required of a user to become infected by it is simply viewing a compromised
Web page. Symantec isn't seeing any active exploits of this in the wild yet, but we think attackers will be paying a lot of
attention to it in the future."
-- Ben Greenbaum, senior research manager at Symantec Security Response.
"One of the nice things that you will see today is that Windows 7 and Windows Server 2008 are not affected by any of these
patches."
-- Richie Lai, director of vulnerability research for Qualys
Follow John on Twitter: http://twitter.com/johnfontana