IT Security Guru

Eight patches from Microsoft, but nothing for XP

by The Gurus
May 14, 2014
in Editor's News

Microsoft released its heaviest patch bundle of 2014 last night, covering 13 vulnerabilities with eight bulletins.
 
Two of the bulletins are rated as critical and fix flaws in Internet Explorer and SharePoint Server. Wolfgang Kandek, CTO of Qualys, said that MS14-029 is top of the list and another surgical fix, similar to the out-of-band MS14-021 from May 1st. “MS14-021 addressed the zero-day CVE-2014-1776, which had been found in the wild by FireEye on April 26th,” he said.
 
“In a similar fashion MS14-029 addresses CVE-2014-1815, which was detected as having attacks in the wild by the Google Security Team. For good measure Microsoft also included MS14-021/CVE-2014-1776 in this bulletin, so if you have not installed it yet, you can just install MS14-029 and address both issues at the same time.”
 
Ross Barrett, senior manager of security engineering at Rapid7, said: “One of the other common vulnerabilities and exposures (CVEs) fixed in this advisory is under limited, targeted attack. Also, there are two flavours of this patch for Windows 8.1 users, one for those who took the ‘Spring 2014 update rollup’ and one for those who did not.
 
“Not to mention that this is the first advisory that clearly would have applied to Windows XP, but for which a patch is not available. IE 6, 7, & 8 are vulnerable on Windows 2003 SP2, this would historically have mapped to the same scope of XP patches, but not this time. Anyone still using XP just got a little less secure – not that they were well off to begin with.”
 
Looking at MS14-022, Russ Ernst, director of product management at Lumension, said: “SharePoint users will want to pay close attention as it impacts 2007, 2010, 2013 and Microsoft Web Apps, otherwise known as Office Online. This one is for three CVEs, none under public attack, and they do require social engineering aimed at your users to trigger.”
 
Among the six “important” rated patches, Kandek said that MS14-024 and MS14-025 both provide fixes for issues that have been abused by malware, pen-testers and hackers alike. Ernst said that MS14-026 is an elevation of privilege issue in Windows and the .NET framework, MS14-027 is a vulnerability in Windows Shell Handler that could allow an elevation of privilege, and MS14-028 is for two CVEs in iSCSI that could allow denial of service.
 
Tyler Reguly, manager of security research at Tripwire, said: “As a home user of Microsoft Office products, MS14-023 is very interesting to me. My family just migrated to Microsoft OneDrive and Office365 Home for all of our computing needs, and this vulnerability affects the passing of tokens in the OneDrive product; this means I’ll need to be hyper-vigilant in monitoring my family’s usage of these services until I can get the updates deployed across all of our computers.”
This is also the first month in which no patches are issued for Windows XP. Kandek believed that any vulnerability for Windows Server 2003 is applicable to XP too, meaning that at least the MS12-029 (IE), MS12-024 (ASLR), MS12-025 (Group Profile) and MS14-023 (not XP but Office 2003) patches will not be issued to XP.
 
“However, as we have seen, its market share is shrinking. If that tendency continues we will be close to zero per cent in another four months, even though we will probably see the inevitable flattening at the long-tail of the machine substitution,” he said.

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic
