DTX Manchester DTX Manchester
  • About Us
Tuesday, 26 January, 2021
IT Security Guru
CTX Manchester 2020 banner ad
  • Home
  • Features
  • Insight
  • Events
    • Women in Cyber 2020
    • Women in Cyber 2020 [SPONSORS]
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Women in Cyber 2020
    • Women in Cyber 2020 [SPONSORS]
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Windows and Explorer patched by Microsoft

by The Gurus
July 9, 2014
in Editor's News
Share on FacebookShare on Twitter

Microsoft released six patches last night to cover 29 vulnerabilities in Microsoft Windows and Internet Explorer.
 
With two rated as critical, three rated as important and one rated as moderate in severity, Tyler Reguly, manager of security research at Tripwire, recommended TT teams to focus on the two critical issues affecting Internet Explorer and Windows Journal first.
 
“If you cannot apply updates immediately, there are workarounds for both of these critical flaws,” he said. “Users can switch to a new browser, making sure to set the new browser as the default, and disable any Windows Journal .JNT file associations. While a patch is always preferred, limiting the attack surface is a good backup.”
 
Craig Young, security researcher at Tripwire, said: “The critical vulnerability described in MS14-038 is a great example of how unused software can be abused by attackers. In this case Windows Journal, which is installed by default but isn’t commonly used, can lead to arbitrary code execution.”
 
Wolfgang Kandek, CTO of Qualys, said: “This first made its appearance in Windows XP Tablet Edition, so this is a vulnerability that really does not apply to a normal Windows XP system. However after XP, it has been included by default in all subsequent Windows versions: Vista, 7 and 8 and can be attacked through a specially formatted input file.
 
“The attack vector can be through web-browsing, email or IM or any other means that can be used to send you a .JNT file. Given its obscurity and the potential for more file format problems it is probably a reasonable measure to disable the file extension .JNT.”
 
Kandek highlighted the biggest update of the month to be the highest priority. “MS14-037 addresses 24 vulnerabilities in Internet Explorer (IE), almost all user-after-free type vulnerabilities and is valid for all versions (6-11) of Microsoft’s browser. There are no zero-days open for IE, which would dictate the shortest turn-around possible for
the installation of the patch, but nevertheless IT admins should schedule the IE patch for a quick installation,” he said.

 
Kandek also recommended users look at this month’s Adobe Flash fix as their second highest priority, unless they are running IE10, IE11 or Google Chrome. “They embed Adobe Flash and update it automatically, so in that case you and your users do not have to do that. Everybody else, Internet Explorer 9 and lower, Firefox and Mac OS X users should update their Flash installation manually.”

0 0 vote
Article Rating
FacebookTweetLinkedIn
ShareTweetShare
Previous Post

Google patches Drive privacy scare

Next Post

Third of security professionals do not encrypt communications

Subscribe
Notify of
guest
guest
0 Comments
Inline Feedbacks
View all comments

Recent News

Effective ways to prevent payroll fraud

Effective ways to prevent payroll fraud

January 25, 2021
Surveillance Camera on a wall

ADT Technician Watched Customers in their Homes

January 25, 2021
Up close image of a hand on a keyboard.

Hackers exploit U.S. Agency Supply Chain

January 25, 2021
Ripped paper heart

2.28 million MeetMindful users’ data leaked by hacker

January 25, 2021

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Women in Cyber 2020
    • Women in Cyber 2020 [SPONSORS]
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

More information
wpDiscuz
0
0
Would love your thoughts, please comment.x
()
x
| Reply
Privacy Settings / PENDINGGDPR Compliance

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Accept