Feeds

MS squashes 0day bug in July Patch Tuesday

Patches under-attack XML Core Services flaw in Flame-proof update

SANS - Survey on application security programs

Microsoft has patched an under-attack zero-day vulnerability in XML Core Services as part of the July edition of Patch Tuesday.

The critical security update (MS12-043) addresses a security flaw that has made its way into the Blackhole Exploit toolkit since its discovery last month. A further two critical updates cover a cumulative security update for Internet Explorer and a remote code execution flaw in MS Data Access Components (a part of Windows), respectively. The six other bulletin issued on Tuesday cover lesser security flaws.

Andrew Storms, director of security operations for nCircle, noted that only under-attack versions of XML Core Services have been patched, as yet.

“The most important patch this month is undoubtedly the XML core services bug," Storms commented. "Microsoft issued an advisory for this bug in early June and we've already seen the exploit in a number of exploit toolkits and attacks have been reported in the wild."

"[The] XML version 5 patch for the bug isn't shipping today. The fix for this version is probably not ready yet, so Microsoft decided to deliver the other patches. So far, all the attacks in the wild utilize XML version 3, so this release, even though not totally complete, seems like a no-brainer."

Storms added that the IE patch is significant because it represents a step up in frequency for browser security updates from Microsoft.

"Usually, Microsoft sticks to an extensive two-month test cycle for Internet Explorer, so that's why we've only seen them every other month," he said.

"[An] MSRC post says that additional resources have been added to IE testing to reduce the test period. It's good to know that Microsoft can deliver IE patches faster, but IT security teams are probably less than thrilled, since they are going to see a lot more IE patches, including the one released today.”

Microsoft's summary of its security bulletins is here. The Internet Storm Centre has published an easier to understand overview here.

The July edition of Patch Tuesday marks the first time Microsoft has made use of an update mechanism that it hardened in response to an investigation into the Flame malware, a cyber-espionage tool that abused certain aspects of Redmond's update mechanism in order to spread. The investigation into Flame also resulted in Microsoft's decision to revoke 28 digital certificates, as a precaution.

In an advisory, Microsoft explains that the revoked certificates were vulnerable to spoofing attacks, hence the decision to replace them with something stronger. "Upon a routine review, we are placing these certificates in the Untrusted Certificate Store, and replacing them with new certificate authorities that meet our high standard of public-key infrastructure (PKI) management. We are unaware of any misuse of the certificate authorities, but are taking pre-emptive action to protect customers. This issue affects all supported releases of Microsoft Windows." ®

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
prev story

Whitepapers

Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.