November security updates from Microsoft
Missing from today’s bulletins is a patch for the vulnerability exploited by Duqu. Microsoft has said it is working diligently on that patch.
Below is analysis from McAfee and Symantec:
McAfee
“Though there is no patch to address the zero-day vulnerability exploited by the Duqu Trojan, Microsoft did release a temporary workaround for the bug on Nov. 4,” said Jim Walter, manager of the McAfee Threat Intelligence Service (MTIS) at McAfee Labs. “The release of Security Advisory 2639658 is the first in which Microsoft is posting MAPP partner protection details, and McAfee is one of the vendors who have released protections within 48 hours of the announcement of the Microsoft Security Advisory. IT administrators should ensure that they implement both today’s patches and take note of the workaround, in order to prevent the Duqu Trojan from doing more damage.”
Symantec
“Although today’s patch update is fairly small, it is possible we will see an upcoming out-of-band patch for the zero-day vulnerability used in the Duqu installer,” said Joshua Talbot, security intelligence manager, Symantec Security Response. “Microsoft recently published a security advisory as well as a temporary fix and is currently investigating the vulnerability. In addition to implementing the temporary fix, IT departments and end users should also remain vigilant in following standard security best practices.
"The Reference Counter Overflow Vulnerability from this month’s update is probably the most concerning of the bunch,” Talbot concluded. “We estimate an attack attempting to leverage it would take a considerable amount of time; perhaps 4 to 5 hours to complete a single attack. However, if an attacker can pull it off the result would be a complete system crash or compromise if the attacker develops a reliable means of exploitation.”
--Bill Brenner

