IT Security Guru

Microsoft adds two more patches to February bundle

by The Gurus
February 12, 2014
in Editor's News

Microsoft released seven patches last night, adding two more to its planned release of five.
 
Of these, four were rated as critical and three as important. Tyler Reguly, manager of security research at Tripwire, said: “The biggest discussion point with Microsoft’s patch drop this month is probably the change in bulletins. To go from five to seven bulletins says to me that initial testing was completed last minute so they decided to slip the patch in or testing found an issue and engineer shipped a fix last minute.”
 
Added was a critical update for Internet Explorer, MS14-010, which addresses one publicly disclosed and 23 privately disclosed issues in the browser. Microsoft said that an attacker who successfully exploited the most severe of these issues could execute code at the level of the logged-on user. This affects all versions of Explorer from IE6 on Windows XP to IE11 on Windows RT.
 
Lamar Bailey, director of security research at Tripwire, said: “IE takes the lead with over 20 CVEs this month and is definitely the most critical issue to get patched. Given the late additions to this patch cycle, companies will want to make sure to take a careful look and test carefully before rolling it out to everyone.”
 
Microsoft also rated two other critical patches, MS14-007 and MS14-011, as the other most important ones to apply.
 
Wolfgang Kandek, CTO of Qualys, said: “MS14-007 is next in our priority list, at least if you are running Windows 7 or later. The patch fixes an issue in the graphics library DirectWrite. The attack would come through the browser in a malicious webpage that uses the <SVG> tag for Scalable Vector Graphics, a good reminder that new technology is usually not free of implementation vulnerabilities.
 
“The two remaining critical Microsoft bulletins are MS14-011, addressing a vulnerability in VBScript, the scripting engine used in IE, again with an attack vector of malicious webpages, and MS14-008, addressing a file format vulnerability in Forefront for Exchange, a legacy anti-spam product for Microsoft Exchange.”
 
Bailey said: “MS14-008 is an interesting critical update because while the issue is critical, it may not be possible to actually get to the vulnerable code. This vulnerability only affects Forefront Protection for Exchange and is not to be confused with other Forefront products. Microsoft has taken a scalpel and cut out the vulnerable code so this will not be an issue going forward.”
 
In the important updates, MS14-009 fixes vulnerabilities in the .NET Framework that could allow elevation of privilege, MS14-005 fixes a vulnerability in Microsoft XML Core Services that could allow information disclosure, and MS14-006 addresses a vulnerability in IPv6 that could allow a denial-of-service attack.
 
Ross Barrett, senior manager of security engineering at Rapid7, said: “The other three issues are all of lower risk and likely lower exploitability, ranging from information disclosure to denial of service and elevation of privilege. Not to be ignored, but should be of slightly less concern than remote critical vulnerabilities.”
