Microsoft Patch Tuesday – Information from Symantec
Today, Microsoft issued 11 security bulletins which address 25 vulnerabilities, nine of which Microsoft has rated as critical. In addition, Oracle and Adobe are also releasing security updates. Oracle will address 47 vulnerabilities and Adobe is issuing fixes for both Acrobat and Reader.
“The critical Microsoft WinVerifyTrust signature validation vulnerability can be used to really enhance social engineering efforts,” said Joshua Talbot, security intelligence manager, Symantec Security Response. “Targeted attacks are popular and since social engineering plays such a large role in them, we plan on seeing exploits developed for this vulnerability.”
“It allows an attacker to fool Windows into thinking that a malicious program was created by a legitimate vendor,” Talbot added. “If a user begins a download and they see the Windows’ notification telling them who created it, they might think twice before proceeding if it’s from an unfamiliar source. This vulnerability allows an attacker to force Windows to report to the user that the application was created by any vendor the attacker chooses to impersonate.”
“This is going to be quite the month for IT administrators,” Talbot concluded. “With a large number of patches coming from Microsoft and Oracle, including two from Microsoft for public vulnerabilities, and a handful more patches from Adobe, automating the patching process becomes even more critical to ensure that nothing slips through the cracks.”
Symantec strongly encourages users to patch their systems against all vulnerabilities addressed this month.
Please visit the Symantec Security Response blog for more information. Do let me know if you’re interested in speaking with a Symantec expert in more detail about any of the vulnerabilities addressed this month.
The Symantec Security Response blog can be viewed here:
Additional information on Microsoft, Oracle and Adobe’s security bulletins can be found here:
+61 2 9954 3492