Microsoft Serves Up a Turkey for Thanksgiving

Email     |     Share  
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14
Next Microsoft Serves Up a Turkey for Thanksgiving-3 Next

Bulletin 5 is an interesting one, because it’s a True Type font issue. It resolves three vulnerabilities, the worst of which is a remote code execution. Microsoft has been dealing with font issues for a while. True Type fonts can be embedded all over the place and Windows kernel mode driver renders the font. If these fonts are embedded in a browser or a Word document, for example, they are rendered in the kernel mode driver and wind up becoming a kernel mode exploit. An authenticated, low-rights user could visit a website, the font gets rendered, and it gets rendered as “system.” This is a very effective attack mode, so Microsoft likes to close out font issues quickly. This is as high a priority as bulletin 1. Those two bulletins will be the two biggest attack vectors in this batch.

IT administrators may find they don’t have much to be thankful for this Thanksgiving with a disruptive Patch Tuesday headed their way. With six Microsoft bulletins, four of which are critical and some restarts required, along with a host of other issues, IT can expect a disruptive Patch Tuesday this month.

According to Paul Henry, security and forensic analyst at Lumension, it’s disappointing to see the critical bulletins impacting more than just legacy code as we’ve come to expect in recent months. These bulletins impact many current generation products and that’s concerning. Nothing is ever 100 percent secure and mistakes are made in software. But it’s still ugly to see. In this slideshow, Henry outlines, in the order of severity, what you can expect this patch Tuesday.

 

Related Topics : Unisys, Stimulus Package, Security Breaches, Symantec, Electronic Surveillance

 
More Slideshows

Privacy rollback Security Pros Give Their Opinions on ISP Data Privacy Rollback

IT staff, organization leaders, and the average citizen have all expressed levels of concern over the FCC about-face in regard to ISP privacy. Here’s what the security experts say. ...  More >>

IT security skills 7 Top Skills for Security Pros

Executives at several top tech firms outline the skills they need now and in the near future, including IaaS and IoT security expertise. Other skills listed may surprise you. ...  More >>

IT security careers The Most In-Demand Security Jobs and How to Get Them

Security professionals are in demand right now, and entry-level security jobs generally fall into either an engineer or analyst role. Find out more about required skills and career paths. ...  More >>

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.