A Patch Tuesday hole to watch for
Microsoft's January 2011 security update doesn't come out for several hours, but some security vendors are already making noise about what they expect to go unfixed.
Specifically, you can expect to hear about Redmond's lack of action on a vulnerability discovered by researcher Michal Zalewski.
Security researchers have already warned of exploits against this particular flaw, and some -- including Imperva senior security strategist Noa Bar Yossef -- are suggesting measures to blunt the impact.
Here's Yossef's tips, e-mailed to me by Imperva/Page One PR man Clinton Karr:
1. Assessing the exploits as mentioned in the patch. This includes understanding the details of the exploit and whether it is even applicable to the specific user. It is important also to understand how an attack would affect the system.
2. Assessing the process of patching. Sometimes a patch may be contradictory to an already existing code, or even a work-around.
3. Patching the system itself. The patching process should be continuously reviewed. For instance, it already happened that MS released a patch which broke another fix.
Watch this space later for more on the January security update from Microsoft.
--Bill Brenner
Print
Specifically, you can expect to hear about Redmond's lack of action on a vulnerability discovered by researcher Michal Zalewski.
Security researchers have already warned of exploits against this particular flaw, and some -- including Imperva senior security strategist Noa Bar Yossef -- are suggesting measures to blunt the impact.
Here's Yossef's tips, e-mailed to me by Imperva/Page One PR man Clinton Karr:
1. Assessing the exploits as mentioned in the patch. This includes understanding the details of the exploit and whether it is even applicable to the specific user. It is important also to understand how an attack would affect the system.
2. Assessing the process of patching. Sometimes a patch may be contradictory to an already existing code, or even a work-around.
3. Patching the system itself. The patching process should be continuously reviewed. For instance, it already happened that MS released a patch which broke another fix.
Watch this space later for more on the January security update from Microsoft.
--Bill Brenner
What is Tech Briefcase?
TechBriefcase is a new, free service where IT Professionals can Search, Store and Share IT white papers and content like this. Learn more
Bookmark content
Speed up your research efforts with content across the web.
Search and Store
Find the white papers you need. Create folders for any topic.
View Anywhere
Open your briefcase on your iPhone, tablet or desktop. Share with colleagues.
WHITE PAPER
Reduce Email Archives up to 60%
Are you considering implementing a proactive archiving and eDiscovery solutions? This paper summarizes 15 separate soft cost savings when implementing Symantec Enterprise Vault and the Clearwell eDiscovery Platform.
WHITE PAPER
Aberdeen Report: To Patch, or Not to Patch? (Not If, But How)
The report explores the correlation between the current use of patch management and the level of endpoint-related risk that companies are effectively accepting.
Recent Comments
Webcasts
- The CISO's Survival Guide to Securing Data
- Data Privacy and Protection in Production Environments: New Research from Ponemon Institute
- FireEye Advanced Threat Protection KnowledgeVault
- Five Tips to Consider in a Data Security Strategy for Smartphones and Tablets
- Moving Your Email to the Trusted Cloud
- Comprehensive Server Protection
White Papers
