Microsoft
Here are some of the key reasons why you would want to run Unified Access Gateway with DirectAccess.
Microsoft patches 'insane' number of bugs
10 of the 23 vulnerabilities have already been exploited or are public
April 14, 2009 12:00 PM ETComputerworld - Microsoft today released eight security updates that patch 23 vulnerabilities in Windows, Internet Explorer, Excel and other software in the company's portfolio -- a collection of fixes one researcher called "insane."
More dangerous than the sheer number of patches, however, is the fact that nearly half fix flaws that are already being exploited or are publicly known in enough detail to craft working exploits. In some cases, sample attack code is available.
"What really caught our eye is the large number of exploits that are already available," said Wolfgang Kandek, chief technology officer at security company Qualys Inc. "Out of the 23, there are 10 exploits or [flaws] that have proof-of-concept. This is a huge deal and shows just how much the patch window is shrinking."
His colleague, Amol Sarwate, the manager of Qualys' vulnerability research lab, was more specific. "This is the biggest number of zero-days we've seen from Microsoft in a long, long time. Out of the 10, six are patches for which the vulnerability is actively being exploited, three of them have proof-of-concept available, and for one, the knowledge needed to exploit this is available."
Kandek and Sarwate recommended that users patch those 10 bugs first by applying the critical updates for Excel (MS09-009) and WordPad (MS09-010), and for Windows' "token kidnapping" issues (MS09-012). Microsoft pegged the last as "important," the second-highest ranking in its four-step threat-scoring system.
Other researchers didn't call out the number of already-exploited bugs Microsoft patched today but echoed Kandek and Sarwate on the month's theme.
"You could call this a spring cleaning," said Eric Schultze, CTO at Shavlik Technologies LLC. "Microsoft jumped on a couple of zero-days, including Excel from February and WordPad from last December. It's nice to see those taken care of."
Microsoft had previously issued security advisories for Excel and WordPad, and acknowledged that in the case of the former, it had already detected attacks in at least limited numbers.
Microsoft
Additional Resources
Microsoft
Review how one energy firm tightened protection and simplified IT work using business-ready security solutions.
Sybase
In this white paper, IDC analyzes the role of next-generation mobile enterprise platforms as organizations seek a more strategic deployment of mobile solutions.
Learn the important issues you must consider before starting your next mobility initiative. Get your mobility white paper from IDC now, compliments of Sybase.
Learn the important issues you must consider before starting your next mobility initiative. Get your mobility white paper from IDC now, compliments of Sybase.
White Papers & Webcasts
Death to PST Files
Download Now
The Tangled Web: Silent Threats & Invisible Enemies
Download Now
Tape Killed the IT Guy
Watch Now
Forrester Consulting Mobility Study: Taking Control of Enterprise Mobile Device Diversity
Download Now
BRM: What You Can Do To Reduce Risk In Challenging Times
Watch this webcast now!
What IT Must Do to Support Employee-Owned BlackBerry, iPhone and Android Mobile Devices
Download Now
Web 2.0, Social Media and the Dark Web - A Web Criminals Paradise?
In this discussion, learn about the challenges of protecting your users from the potentially unsafe content hidden in the "Dark Web".
eGuide: Enterprise Security
Smart Security Strategies for 2010. Read now!
Disaster Recovery 2008: Reduced Costs and Improved Performance
How long can your Enterprise afford to be without your data? With an accelerated disaster recovery program, you never have to answer this...
Computerworld Reports
Sign up to receive updates on the latest Security resources
