Microsoft patches web flaws
By Miya Knights
Microsoft has released fixes for a total of eight security bulletins as part of its regular monthly cycle of patching.
Out of the eight updates, two concern Microsoft's web browser and development frameworks and were marked as critical. The rest were marked as important.
Security experts said enterprises should give the highest priority to MS11-081, which patches a code execution vulnerability in Internet Explorer (IE). Microsoft said an exploit can occur when a victim uses IE to browse a malicious website.
High priority should also be given to MS11-078, which fixes a vulnerability in Microsoft Silverlight and the .NET framework. This vulnerability can also be exploited when a victim browses a malicious website with a Silverlight-enabled browser.
Amol Sarwate, manager of Qualys' Vulnerability Labs, said: "In our opinion the other bulletins can be scheduled after the critical bulletins are patched."
These included MS11-075 and MS11-076, which fix two dynamic link library (DLL) preloading issues. These attacks target applications installed on Windows by planting malicious DLL files, which can give an attacker complete control of the system. Microsoft issued an advisory on the issue late last year.
Two local elevation-of-privilege (EoP) issues have also been fixed in win32k.sys and AFD.sys by two patches, MS11-077 and MS11-080 respectively.
But they were given a less severe "important" security rating by Microsoft because attackers must already have access to the target system before they can exploit these issues to gain higher privileges.
The last two patches were released for what Sarwate described as "less pervasive technologies", namely Forefront Unified Access Gateway and Host Integration Server.
"In our opinion," he said, "the exposure for this is very low, but if your corporation uses these technologies, then patching is recommended."
Although eight bulletins were released, Sarwate added that he did not expect this month's release to generate a heavy load on IT administrators.