Microsoft Serves Up a Turkey for Thanksgiving

Email     |     Share  
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14
Next Microsoft Serves Up a Turkey for Thanksgiving-3 Next

Bulletin 5 is an interesting one, because it’s a True Type font issue. It resolves three vulnerabilities, the worst of which is a remote code execution. Microsoft has been dealing with font issues for a while. True Type fonts can be embedded all over the place and Windows kernel mode driver renders the font. If these fonts are embedded in a browser or a Word document, for example, they are rendered in the kernel mode driver and wind up becoming a kernel mode exploit. An authenticated, low-rights user could visit a website, the font gets rendered, and it gets rendered as “system.” This is a very effective attack mode, so Microsoft likes to close out font issues quickly. This is as high a priority as bulletin 1. Those two bulletins will be the two biggest attack vectors in this batch.

IT administrators may find they don’t have much to be thankful for this Thanksgiving with a disruptive Patch Tuesday headed their way. With six Microsoft bulletins, four of which are critical and some restarts required, along with a host of other issues, IT can expect a disruptive Patch Tuesday this month.

According to Paul Henry, security and forensic analyst at Lumension, it’s disappointing to see the critical bulletins impacting more than just legacy code as we’ve come to expect in recent months. These bulletins impact many current generation products and that’s concerning. Nothing is ever 100 percent secure and mistakes are made in software. But it’s still ugly to see. In this slideshow, Henry outlines, in the order of severity, what you can expect this patch Tuesday.

 

Related Topics : Unisys, Stimulus Package, Security Breaches, Symantec, Electronic Surveillance

 
More Slideshows

BitSightRansomware0x Ransomware: The Rising Face of Cybercrime

Ransomware is a legitimate threat, with estimates from the U.S. Department of Justice showing that over 4,000 of these attacks have occurred every day since the beginning of the year. ...  More >>

Security121-190x128 5 Ways CFOs Can Implement an Effective Cybersecurity Strategy

While cybersecurity concerns are widespread, finance remains one of the most vulnerable areas for malicious attacks. ...  More >>

infra100-190x128 Top 10 Strategic Technology Trends for 2017

Here are the top 10 strategic technology trends that will impact most organizations in 2017. Strategic technology trends are defined as those with substantial disruptive potential or those reaching the tipping point over the next five years. ...  More >>

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.