10 March 2010 16:41
Microsoft Patch Tuesday – Information from Symantec
This month, Microsoft has issued two security bulletins addressing eight vulnerabilities, none of which are rated as critical.
“Since Windows 7, Microsoft has seemed to downgrade file-based vulnerabilities,” said Joshua Talbot, security intelligence manager, Symantec Security Response. “In the past, I think many of the vulnerabilities patched this month could have been rated critical, but with protections like DEP and ASLR, these types of vulnerabilities are less of an issue for Windows 7. My concern is that in many enterprise environments, Windows XP is still common, and these vulnerabilities are more serious on XP and older systems.”
“Microsoft didn’t patch the win32hlp Internet Explorer vulnerability made public just over a week ago,” Talbot added. “We’ve seen proof-of-concept exploit code for this vulnerability, but haven’t seen any attacks using it in the wild.”
“A unique user interaction is required to make the IE vulnerability work, but an attacker could engineer an exploit that would entice a user to carry out the action,” Talbot concluded. “For example, causing a pop-up window to appear repeatedly until the user hits the necessary key to make it stop, which would also cause the machine to become infected.”
Symantec strongly encourages users to patch their systems against all these vulnerabilities. In addition, enterprises are encouraged to consider implementing an automated patch management solution to help mitigate risk.
“In addition to Microsoft’s Patch Tuesday updates today, the company also issued an advisory for a new zero-day vulnerability affecting Internet Explorer,” said Talbot. “Symantec has observed exploitation of the vulnerability in the wild and has created Trojan.Malscript!html and JS.Downloader detection to mitigate this attack.”
Resources:
The Symantec Security Response blog can be viewed here: http://www.symantec.com/business/security_response/weblog/
Additional information on Microsoft’s security bulletins can be found here: http://www.microsoft.com/technet/security/bulletin/ms10-mar.mspx
More information regarding the Trojan.Malscript!html and JS.Downloader advisory can be found here: http://www.microsoft.com/technet/security/advisory/981374.mspx.
Please let me know if you are interested in speaking with a Symantec expert in more detail about any of the vulnerabilities addressed this month.
Media Contact:
Jasmin Athwal
Max Australia
+61 2 9954 3492
jasmin.athwal@maxaustralia.com.au