Microsoft, Oracle issue patches for slew of holes
Computerworld - Microsoft Corp. last week released eight security updates that patch 23 vulnerabilities in Windows, Internet Explorer, Excel and other software products in the company's portfolio.
Analysts noted that even more dangerous than the unusually large number of patches is the fact that nearly half of them fix flaws that have already been or can be exploited by hackers.
"What really caught our eye is the large number of exploits that are already available," said Wolfgang Kandek, chief technology officer at Qualys Inc., a provider of on-demand security tools. "Out of the 23, there are 10 exploits or [flaws] that have proof of concept."
"You could call this a spring cleaning," said Eric Schultze, CTO at Shavlik Technologies LLC, a network security vendor. "Microsoft jumped on a couple of zero-days, including Excel from February and WordPad from last December. It's nice to see those taken care of."
Kandek and Amol Sarwate, manager of the vulnerability research lab at Qualys, recommended that users first patch the 10 flaws that have known exploits by applying the "critical" updates for Excel and WordPad, and an "important" patch designed to fix the so-called token-kidnapping issues in Windows. "Critical" and "important" are the top two rankings in Microsoft's four-step threat-scoring system.
Meanwhile, Oracle Corp. last week released 43 security fixes for a range of products, including its flagship database and the Oracle Application Server. The patches also fix flaws in its E-Business Suite and PeopleSoft Enterprise applications, and its WebLogic application server.
Oracle said that 16 of the patches are for various database versions. The most severe vulnerability, which affects Versions 9.2.0.8 and 9.2.0.8DV, "can potentially allow an attacker to gain full control of a vulnerable server," according to a post on Oracle's global product security blog.
The update also includes patches for eight vulnerabilities in Oracle's WebLogic and AquaLogic products, including JRockit, and for WebLogic Server plug-ins for Apache and IIS Web servers, according to the blog post.
This version of the story originally appeared in Computerworld's print edition.