Microsoft Patches 34 Flaws in Latest Security Update
Microsoft's latest Patch Tuesday addresses 34 vulnerabilities.
One of the critical vulnerabilities addressed in the latest security update by Microsoft may cause remote code execution, if attacker uses a client computer to make specific requests on a system, which uses TMG firewall client.
The security update resolves two security flaws in the Distributed File System (DFS), which allow attackers to execute arbitrary code, and gain complete control of a computer system by sending a specially crafted DFS response to a client initiated DFS request. Microsoft has resolved a flaw associated with SMB, which may result in remote code execution if attackers send a specially crafted malicious SMB response to SMB request by a client.
The update mitigates a security flaw in XML editor, which may cause information disclosure if users open a specially crafted web service directory. Attackers may use the disclosed information for launching more sophisticated attack on the target computer. The update resolves a denial of service vulnerability in Windows Server 2008 Hyper-V, and Windows Server 2008 R2 Hyper-V. The developer has also addressed a cross-site scripting vulnerability in Active Directory Certificate Services Web Enrolment. Successful exploitation of the vulnerability may allow attackers to execute arbitrary commands by gaining higher privileges. Microsoft has rated all the above three vulnerabilities as important.
Usually, Microsoft releases security update on second Tuesday of every month. Attackers exploit the time lag between the patch release and their implementation by users. As such, it is crucial to keep track of various security updates issued by developers. Professionals qualified in IT degree programs may allow organizations to identify, prioritize and implement security advisories before their exploitation by attackers. Employees must be aware of password construction, handling sensitive data, document download policy, social engineering threats and dealing with suspicious e-mails. Employees must be restricted from sharing passwords and computer systems. E-learning and online IT degree programs may help employees in understanding and implement safe computing practices.
Data breach incidents in the recent past have highlighted the reactive approach to security.Reactive policy may make organizations vulnerability to security incidents. As such, organizations must evolve proactive approach to deal with security threats.IT professionals must update their technical skills and know-how through participation in security conferences, undertaking online IT courses, and security certifications and enhance their capabilities to deal with various forms of malware, spear phishing, and botnet attacks.
EC-Council University is based in Albuquerque, New Mexico and offers Master of Security Science (MSS) degree to students from various backgrounds such as graduates, IT Professionals, and military students amongst several others. The MSS is offered as a 100% online degree program and allows EC-Council University to reach students from not only the United States, but from all around the world.
EC-Council is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.
EC-Council has trained over 80,000 individuals and certified more than 30,000 members, through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates the global series of Hacker Halted security conferences.
Tag Words: information disclosure, critical, vulnerabilities, security bulletin, microsoft, remote code execution, security update, patch tuesday