Businesses face deluge of patches from Microsoft and Oracle

16 July 2009

IT security administrators will have to deal with more than 10 security patches from Oracle and nine from Microsoft this week.

Oracle's quarterly patch release has coincided with Microsoft's monthly Patch Tuesday security update.

The most critical Oracle patches target vulnerabilities in Oracle Secure Backup and BEA's JRockit Complex Event Processing and WebLogic application server.

Oracle warned that three of 10 database vulnerabilities can be exploited across a network without a user name or password.

Two patches are for Oracle Application Server weaknesses that can also be exploited remotely without authentication.

Other patches fix vulnerabilities in Oracle E-Business Suite components, the PeopleSoft Enterprise, JD Edwards Enterprise One and Siebel application sets, and Oracle Enterprise Manager.

Microsoft issued six security updates to patch nine vulnerabilities, six of which were ranked critical.

Microsoft applications updated include Windows, Publisher, Internet Security and Acceleration Server (ISA) 2006, and Microsoft's client and server virtualisation software.

The patches finally included fixes for vulnerabilities in the Internet Explorer ActiveX control and DirectShow, which attackers have been exploiting for weeks.

Microsoft acknowledged ongoing attacks exploiting a weakness in DirectShow in May, and last week acknowledged that the ActiveX control weakness was discovered 18 months ago.

But Microsoft has failed to release a fix for a problem with Office Web Components, disclosed on Monday, which is being used to attack Windows users.

Dave Marcus, director of McAfee Avert Labs, said Windows users continue to be under attack due to an exploit of the vulnerability.

"The attacks involve booby-trapped websites that load malicious code onto a vulnerable computer. The compromised PCs are commandeered and join a botnet, a network of hijacked computers," he said.

Many of the vulnerabilities addressed by the fixes could be exploited if a Windows user simply visits a malicious website or opens a rigged Office document, said Marcus.

"Today's Microsoft patches once again underline the risk of using the Internet unprotected," he said. "Criminals today rely on the web and e-mail to deliver malicious software."
 

This news story first appeared on Computer Weekly

 
