While Windows vulnerabilities receive wide attention, Norman security experts suggest checks for a range of operating systems.

Patch Tuesday, which most recently occurred yesterday, is the periodic security event
where Microsoft issues bulletins to fix known security flaws in Windows-related
software and applications, such as Office and Internet Explorer.

In the past six months, security solutions and forensics malware specialist Norman
has discovered and reported several Windows kernel vulnerabilities that
potentially could be leveraged by attackers to fully compromise a system and
leave users open to serious cyber-attacks. The company said kernel security
research is vital because kernel vulnerabilities affecting core operating
system components are very hard to detect and defend against.

While Windows vulnerabilities receive wide attention, Norman security experts also
warned that IT administrators in enterprises, government and small to midsize
businesses (SMBs) should focus on patch management involving all major
operating systems, including Microsoft Windows, Linux, Mac OS, Sun Solaris and
HP. In addition, rapid, accurate and secure patch management should be used for
the popular applications from Microsoft, Adobe and Apple.

The company's report noted that unpatched operating systems and applications often
result in expensive losses and damage. "Nearly two-dozen software vulnerabilities
are discovered each day, so IT departments need to make patching a top
priority," the company report said.

On Tuesday, Microsoft released 17 security bulletins, including nine that are rated
"Critical" and eight rated "Important." Fifteen of the
bulletins address vulnerabilities that allow attackers to remotely execute
code. In total, the bulletins will address 64 vulnerabilities spanning
Windows, Office, Internet Explorer, Visual Studio, .NET Framework and the
Graphics Device Interface (GDI+).

Affected operating systems include Windows XP, Windows XP Professional x64 Edition,
Windows Server 2003, Windows Server 2003 x64 Edition, Windows Vista (32-bit and
64-bit), Windows Server 2008 and Windows 7.

There are updates for Internet Explorer 6 through 8. Despite Microsoft's attempts to
sunset IE6, it appears IE6 bugs in Windows XP and Windows Server 2003 have been
addressed. The patches cover commonly used Office applications, including
Microsoft Excel 2002 through 2010, Microsoft PowerPoint 2002 through 2010, and
Microsoft Office 2004 for Mac through 2011.

"IT departments should make patch and remediation a priority," said Audun
Lodemel, vice president of marketing for Norman. "Remember to look into
all your OS platform and applications vulnerabilities, not just focus on
Microsoft issues around Patch Tuesday."

Nathan Eddy is Associate Editor, Midmarket, at eWEEK.com. Before joining eWEEK.com, Nate was a writer with ChannelWeb and he served as an editor at FierceMarkets. He is a graduate of the Medill School of Journalism at Northwestern University.