Microsoft, Adobe throw fire blanket over blaze of security flaws
Patch Tuesday - just in time for Exploit Friday
Agentless Backup is Not a Myth
Microsoft has fixed 26 security flaws, at least five of which are critical, in its software. At least one of the holes is being actively exploited by hackers to compromise Windows computers.
The latest Patch Tuesday update from the company addresses these vulnerabilities, which are present in workstations and servers running Redmond operating systems.
Most pressing of the critical batch is MS12-060, which is a fault in Windows Common Control that is being exploited in the wild. Victims merely have to open booby-trapped RTF files and Office documents, or visit a maliciously constructed web page, to fall foul of an attack. The files could be sent as email attachments.
Other critical flaws exist in the Remote Administration Protocol (RAP) of Windows Networking; Internet Explorer versions 6 to 9; the Remote Desktop Protocol (RDP) server in Windows XP; and a module in the Outlook Web Access (OWA) component of Microsoft Exchange Server.
Microsoft's latest security bulletin can be found here. As usual, an easy-to-understand overview from the Internet Storm Centre can be found here.
In other patching news, Adobe also released two new versions of its Adobe Acrobat and Adobe Reader products. A patch for Adobe Flash Player addresses a zero-day vulnerability that has been used in targeted attacks. These assaults have involved tricking victims into opening Word documents with an embedded ActiveX Flash object.
More details on all these patches can be found on Adobe's website here. ®
COMMENTS
PLS Fix It Redmond
As the OP mentioned most of the exploits are rehashed OLD ( 10 years +) ,yes the year 1985-2002.
Somewhat strange that MS hasnt heard of regression testing,and ffs normal release testing.
And due to the entwinement/entrapment of the OS with the stupid browser nobody uses anymore,
most of the bloated apps are affected by the exploits in a roll on affect.
For crying out loud the browser was the cause of most of the issues for the last 10 years ,remove it
or make it an add-on for those who need to use it :?.
Unless they get off on the media attention and mayhem of patch Tuesday .
Lovely update failures
The initial update resulted in 8 failed updates. From Googling this is a common problem on the 64bit platform.
http://answers.microsoft.com/en-us/windows/forum/windows_7-windows_update/windows-7-ultimate-wont-install-updates/4a5c1dbd-ec26-410d-b69a-9347166b13cd
After disabling everything in startup and doing one update at a time it began to work. However one update resulted in Win7 no longer booting and I had to run Win7 repair CD to get it booting again!
I then finished off applying the rest of the updates manually and reenabled the startup items I had disabled.
This wasted at least a couple of hours of my day. Thanks MS!
IT infrastructure monitoring strategies
Requirements Checklist for Choosing a Cloud Backup and Recovery Service Provider
Data control in the cloud
Cloud based data management
Agentless Backup is Not a Myth
