Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Wednesday, 4 October, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Windows and Explorer patched by Microsoft

by The Gurus
July 9, 2014
in Editor's News
Share on FacebookShare on Twitter

Microsoft released six patches last night to cover 29 vulnerabilities in Microsoft Windows and Internet Explorer.
 
With two rated as critical, three rated as important and one rated as moderate in severity, Tyler Reguly, manager of security research at Tripwire, recommended TT teams to focus on the two critical issues affecting Internet Explorer and Windows Journal first.
 
“If you cannot apply updates immediately, there are workarounds for both of these critical flaws,” he said. “Users can switch to a new browser, making sure to set the new browser as the default, and disable any Windows Journal .JNT file associations. While a patch is always preferred, limiting the attack surface is a good backup.”
 
Craig Young, security researcher at Tripwire, said: “The critical vulnerability described in MS14-038 is a great example of how unused software can be abused by attackers. In this case Windows Journal, which is installed by default but isn’t commonly used, can lead to arbitrary code execution.”
 
Wolfgang Kandek, CTO of Qualys, said: “This first made its appearance in Windows XP Tablet Edition, so this is a vulnerability that really does not apply to a normal Windows XP system. However after XP, it has been included by default in all subsequent Windows versions: Vista, 7 and 8 and can be attacked through a specially formatted input file.
 
“The attack vector can be through web-browsing, email or IM or any other means that can be used to send you a .JNT file. Given its obscurity and the potential for more file format problems it is probably a reasonable measure to disable the file extension .JNT.”
 
Kandek highlighted the biggest update of the month to be the highest priority. “MS14-037 addresses 24 vulnerabilities in Internet Explorer (IE), almost all user-after-free type vulnerabilities and is valid for all versions (6-11) of Microsoft’s browser. There are no zero-days open for IE, which would dictate the shortest turn-around possible for
the installation of the patch, but nevertheless IT admins should schedule the IE patch for a quick installation,” he said.

 
Kandek also recommended users look at this month’s Adobe Flash fix as their second highest priority, unless they are running IE10, IE11 or Google Chrome. “They embed Adobe Flash and update it automatically, so in that case you and your users do not have to do that. Everybody else, Internet Explorer 9 and lower, Firefox and Mac OS X users should update their Flash installation manually.”

FacebookTweetLinkedIn
ShareTweet
Previous Post

Google patches Drive privacy scare

Next Post

Third of security professionals do not encrypt communications

Recent News

Cybersecurity has become the fastest growing start-up sector in UK

UK SME cyber threat concerns on the rise in last 12 months as a quarter admit to being breached

October 3, 2023

The State of Cybersecurity: Cyber skills gap leaves business vulnerable to attacks, new research reveals

October 3, 2023
threat hunting

Threat Hunting with MITRE ATT&CK

October 2, 2023
Guide to ransomware and how to detect it

Guide to ransomware and how to detect it

September 28, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information