Microsoft, Oracle issue patches for slew of holes

April 20, 2009 12:00 PM ET

Computerworld - Microsoft Corp. last week released eight security updates that patch 23 vulnerabilities in Windows, Internet Explorer, Excel and other software products in the company's portfolio.

Analysts noted that even more dangerous than the unusually large number of patches is the fact that nearly half of them fix flaws that have already been or can be exploited by hackers.

"What really caught our eye is the large number of exploits that are already available," said Wolfgang Kandek, chief technology officer at Qualys Inc., a provider of on-demand security tools. "Out of the 23, there are 10 exploits or [flaws] that have proof of concept."

"You could call this a spring cleaning," said Eric Schultze, CTO at Shavlik Technologies LLC, a network security vendor. "Microsoft jumped on a couple of zero-days, including Excel from February and WordPad from last December. It's nice to see those taken care of."

Kandek and Amol Sarwate, manager of the vulnerability research lab at Qualys, recommended that users first patch the 10 flaws that have known exploits by applying the "critical" updates for Excel and WordPad, and an "important" patch designed to fix the so-called token-kidnapping issues in Windows. "Critical" and "important" are the top two rankings in Microsoft's four-step threat-scoring system.

Meanwhile, Oracle Corp. last week released 43 security fixes for a range of products, including its flagship database and the Oracle Application Server. The patches also fix flaws in its E-Business Suite and PeopleSoft Enterprise applications, and its WebLogic application server.

Oracle said that 16 of the patches are for various database versions. The most severe vulnerability, which affects Versions 9.2.0.8 and 9.2.0.8DV, "can potentially allow an attacker to gain full control of a vulnerable server," according to a post on Oracle's global product security blog.

The update also includes patches for eight vulnerabilities in Oracle's WebLogic and AquaLogic products, including JRockit, and for WebLogic Server plug-ins for Apache and IIS Web servers, according to the blog post.

This version of the story originally appeared in Computerworld's print edition.
