[ news_security_news ]
Patch Tuesday Draws Industry Comments
David Utter
Staff Writer
2007-12-12
 Security News RSS Feed
PC security firms offered opinions on Microsoft's December patch releases, which included three critical fixes.
Microsoft's regularly scheduled patches for its software has been arriving on millions of PCs. In the corporate environment, security pros may be forgiven for blanching at one particular critical fix, for the Internet Explorer browser.
"Particular attention must be paid to MS07-069, as it will affect the entire Internet Explorer user community," Lumension EMEA regional VP Alan Bentley said in a statement.
"This patch addresses four vulnerabilities in Internet Explorer, affecting how Internet Explorer frees up used memory and offers hackers control of PCs," he continued. Given the broadly used nature of IE, this update will merit immediate attention from administrators.
Amol Sarwate, manager of the Vulnerability Research Lab at Qualys, noted Microsoft patched another zero-day flaw besides the MS07-069 one. MS07-067 corrected a problem with the Macrovision driver, used in PC game DRM schemes. If exploited, it presents a local privilege escalation risk for the targeted system.
"The trend of moving the focus of attacks from the server side to the client side continues in full force, Sarwate said in the Qualys release. "The main target continues to be the every-day desktop user who may not be as aware of the IT security threats as the typical IT administrator."
About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.
More news_security_news Articles
Security News RSS Feed
|
|
RSS
Archive
Contact Us
Advertise
