Microsoft Serves Up a Turkey for Thanksgiving

Email     |     Share  
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14
Next Microsoft Serves Up a Turkey for Thanksgiving-3 Next

Bulletin 5 is an interesting one, because it’s a True Type font issue. It resolves three vulnerabilities, the worst of which is a remote code execution. Microsoft has been dealing with font issues for a while. True Type fonts can be embedded all over the place and Windows kernel mode driver renders the font. If these fonts are embedded in a browser or a Word document, for example, they are rendered in the kernel mode driver and wind up becoming a kernel mode exploit. An authenticated, low-rights user could visit a website, the font gets rendered, and it gets rendered as “system.” This is a very effective attack mode, so Microsoft likes to close out font issues quickly. This is as high a priority as bulletin 1. Those two bulletins will be the two biggest attack vectors in this batch.

IT administrators may find they don’t have much to be thankful for this Thanksgiving with a disruptive Patch Tuesday headed their way. With six Microsoft bulletins, four of which are critical and some restarts required, along with a host of other issues, IT can expect a disruptive Patch Tuesday this month.

According to Paul Henry, security and forensic analyst at Lumension, it’s disappointing to see the critical bulletins impacting more than just legacy code as we’ve come to expect in recent months. These bulletins impact many current generation products and that’s concerning. Nothing is ever 100 percent secure and mistakes are made in software. But it’s still ugly to see. In this slideshow, Henry outlines, in the order of severity, what you can expect this patch Tuesday.


Related Topics : Unisys, Stimulus Package, Security Breaches, Symantec, Electronic Surveillance

More Slideshows

Social14-190x128.jpg 10 Ways to Improve Your Social Media Security Policy and Posture

When phone calls, video conference information, pictures, chat logs, etc. are all stored in a central location via social media, a potential hacker has access to just about everything, quickly and easily. ...  More >>

Security120-290x195 5 DDoS Myths Debunked

Unearth the real story behind five commonly held myths about distributed denial-of-service attacks. ...  More >>

Security119-190x128 8 Tips for Ensuring Employee Security Compliance

IT security ultimately depends on making sure employees use the appropriate tools and comply with policies designed to protect them and their data/applications. ...  More >>

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.