IT Security News for this Month
Hackers are constantly on the lookout for ways to exploit vulnerabilities in operating systems. With successful attempts to tap into network/system backbones on the rise, a great need to patch critical flaws in security is evident. Fortunately, major IT companies and developers are responding well to the demand. In fact, Microsoft has released its recent security bulletins to address major vulnerabilities affecting Internet Explorer, Windows, Edge, and Office.
Rated critical, the MS15-106 bulletin resolves as many as 14 different vulnerabilities in Internet Explorer. These flaws include memory corruption, information disclosure, privilege escalation, Jscript and VB Script, and other bypass issues that impact IE and the scripting engine. Perhaps the most serious security holes patched using this bulletin are ones which can be exploited by remote hackers for arbitrary code execution.
Another bulletin that has been rated critical is the MS15-108 patch, which takes care of memory corruption, information disclosure, and many of the aforementioned vulnerabilities, but this time in Windows. Yet another security patch addressing remote code execution flaws has also been released to address bugs resulting from the way Windows Shell and Microsoft Input Band manipulate objects in memory.
The MS15-111 patch addresses elevation privilege, resolving vulnerabilities for Windows clients. The most severe of these vulnerabilities could result in an elevation of privilege if the attacker logs onto your affected system and runs a specifically crafted or an extremely important application.
Bulletins that were rated important are designed to fix weaknesses in Office, Edge, and Windows Kernel. These vulnerabilities can potentially be leveraged for remote code execution and information disclosure, while there is no evidence yet that any of these vulnerabilities have been exploited in the wild, it pays to be prepared against them as they can lead to many debilitating consequences for systems and networks.
Microsoft released a total of six different security bulletins on their October patch day. Three of these bulletins were rated critical, which is the highest severity rating for security patches. The updates impact different Microsoft clients, including Internet Explorer, Windows, Microsoft Office, Edge, and the Microsoft Server Software. It has also been found that all client versions of Windows were affected by one critical vulnerability, which these patches address. Regular updates like these are indeed, extremely critical especially nowadays when hackers and cybercriminals are out to do everything they can to exploit website and system vulnerabilities and wreak havoc within the IT assets of organizations. The same is true when dealing with security vulnerabilities involving other clients like Java and Firefox.
Adobe typically releases security updates in conjunction with Microsoft on the second half of each month. October saw updates and security patches addressing issues that involve their Acrobat Reader and Flash Player. As part of Oracle's regular update cycle, they released a critical patch update containing 154 new security fixes across their product families, including among others, Oracle Fusion Middleware, database, Hyperion, E-Business Suite, and more. Mozilla released the latest version of its web browser, fixing but one vulnerability, which is a cross-origin restriction bypass via Fetch.
About the Author:
Mike Rana is the Chief Technology Advisor of Orion Network Solutions. Orion Network Solutions specializes in providing Computer Installation, Maintenance and Consulting services along with 24x7 help desk services for small and midsize companies. We provide network solutions that enables small businesses to not only lower their management cost but also increases employee productivity at the same low price. We offer network solution that become integral part of your organization and can provide an increase in productivity of your organization.
|share||like 1||report||12 views|