IT Security Guru

Microsoft releases 14 patches, with nine rated as critical

by The Gurus
September 11, 2020
in Editor's News

Microsoft released 14 security updates last night, nine of which were rated as critical.

The updates address 33 Common Vulnerabilities and Exposures (CVEs) in Windows, Internet Explorer, Office, .NET Framework and Remote Desktop Protocol.

Russ Ernst, director of product management at Lumension, said: “While we enjoyed a relatively low number of patches each month so far this year, November definitely takes a big jump up with 14 total bulletins released today: four are critical, eight important and two moderate.

“While this is two less than what we thought we would have today according to last week’s ANS, we still have to go back to September of last year for the last time Microsoft released this many bulletins in a single month. The good news however is the CVE count. Just 33 CVEs means fewer opportunities for the bad guys but because the software impacted is widespread, this Patch Tuesday is still a lot of work for IT.”

Since the patches were released, Microsoft has said that MS14-064 should be the first-priority patch, as the vulnerability it fixes is currently being exploited in the wild. This bulletin addresses two CVEs in a Windows OLE component that could allow remote code execution.

Wolfgang Kandek, CTO of Qualys, said: “The most important bulletin, MS14-064, addresses a current 0-day vulnerability – CVE-2014-6352 in the Windows OLE packager for Vista and newer OS versions. Attackers have been abusing the vulnerability to gain code execution by sending PowerPoint files to their targets.

“Microsoft had previously acknowledged the vulnerability in security advisory KB3010060 and offered a work-around using EMET and a temporary patch in the form of a FixIt. This is the final fix for OLE Packager (Microsoft had patched the same software in October already with MS14-060) that should address all known exploit vectors.”

Craig Young, security researcher at Tripwire, said: “Some administrators may want to prioritise this over the Internet Explorer patch, even though we’ve seen attacks in the wild against the browser. This is because MS14-066 has the potential to be exploited without user-interaction.

“Fortunately Microsoft’s assessment is that reliable exploitation of this bug will be tricky. Hopefully, this will give admins enough time to patch their systems before we see exploits.”

Among other patches, Kandek recommended next looking at MS14-066, a patch for Internet Explorer that addresses 17 vulnerabilities. “The most severe of these vulnerabilities could be used to gain control over the targeted machine,” he said.

“An attack will take the form of a malicious webpage that the targeted user has to browse to. There are two basic scenarios that attackers use frequently: in the first the user browses to the site by their own volition, maybe as part of a daily routine, but the attacker has gained control over the website in question through a separate vulnerability and is able to plant malicious content on the site.”

Ross Barrett, senior manager of security engineering at Rapid7, said: “Every supported version of Windows is impacted by the critical issues, with the minor exception of Server Core not having Internet Explorer exposure. Perimeter systems are often mission critical and need the fastest attention. Administrators will have to balance the risk of exploit with their perceived exposure and their tolerance for downtime.”
