Microsoft's Monthly Security Update Mitigates 4 Vulnerabilities
Recently, Microsoft released three security bulletins, which address four vulnerabilities.
The vulnerability in DirectShow is related to the way it loads DLL files. Attackers may exploit the security flaw to gain complete control of the affected system. Attackers may then install new programs, and access, modify and delete files. They may also create new user accounts on the system.
The security flaw in Windows Media Player and Windows Media Center is related to their handling of .dvr-ms files. Cybercriminals may create a specially crafted malicious .dvr-ms file and induce users to open the file. Offenders may create new user accounts on the compromised system, and access, modify and delete files.
The security update corrects the way Windows Remote Desktop Client and Groove load external libraries. The vulnerability may be successfully exploited if users access an .rdp file and Groove-related file from the same network folder in which attackers have placed a specially crafted library file.
Exploitation of the DirectShow bug can be prevented by limiting user rights on the system and by not opening .wtv, .dvr-ms, or .mpg media files stored in untrusted remote file system locations. According to the company, Server Message Block, the file sharing protocol, is usually disabled at the security perimeter, which minimizes the possibility of exploitation of this flaw. Users who have disabled automatic updating must install the security update manually to prevent abuse of the bug.
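The condition described above, a file of a type users open sitting in the same folder as a library file, can be checked for on a file share. The following Python script is an added example, not code from Microsoft or from this article; it assumes the planted library has a .dll extension, and its function names and sample folder tree are constructed for illustration.

```python
import os
import tempfile

# File types the article names as ones users open (.rdp, .wtv, .dvr-ms, .mpg).
DOCUMENT_EXTS = (".rdp", ".wtv", ".dvr-ms", ".mpg")
# Assumption: the planted library file carries a .dll extension.
LIBRARY_EXTS = (".dll",)


def find_colocated_libraries(root):
    """Map each folder under root (relative path) that holds both a named
    document type and a library file to the matching file names."""
    findings = {}
    for folder, _dirs, files in os.walk(root):
        # Windows file names are case-insensitive, so compare in lower case.
        docs = sorted(f for f in files if f.lower().endswith(DOCUMENT_EXTS))
        libs = sorted(f for f in files if f.lower().endswith(LIBRARY_EXTS))
        if docs and libs:
            rel = os.path.relpath(folder, root)
            findings[rel] = {"documents": docs, "libraries": libs}
    return findings


def build_sample_share(root):
    """Create a constructed folder tree that stands in for a network share."""
    layout = {
        ("projects", "alpha"): ["server.rdp", "helper.DLL"],   # flagged
        ("media", "inbox"): ["Talk.WTV", "codec.dll"],         # flagged
        ("media", "recordings"): ["show.dvr-ms", "clip.mpg"],  # no library
        ("tools", "bin"): ["codec.dll"],                       # no document
    }
    for parts, names in layout.items():
        folder = os.path.join(root, *parts)
        os.makedirs(folder)
        for name in names:
            open(os.path.join(folder, name), "wb").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as share:
        build_sample_share(share)
        for folder, hit in sorted(find_colocated_libraries(share).items()):
            print(folder, hit["documents"], hit["libraries"])
```

A flagged folder is a prompt for review, not proof of tampering: legitimate software also ships libraries next to its data files.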
The flaw related to media player and media center could be prevented from exploitation by limiting user rights on the system. Users must avoid clicking on suspicious links, and downloading suspicious attachments. They must satisfy themselves of the authenticity of e-mails received from unknown sources, before clicking on any links provided in them. They must be cautious of clicking links in banner ads on websites.
Software products are susceptible to vulnerabilities caused by programming errors and lapses. As such, developers face the constant challenge of addressing security flaws. Microsoft issues security updates on the second Tuesday of every month. The previous Patch Tuesday mitigated 22 vulnerabilities. The security flaws are either identified by in-house security professionals or external security researchers, or their exploit code is revealed by attackers on underground forums. Online technology degree programs may help security professionals to equip themselves with new skills to deal with the evolving IT security challenges.
Attackers take advantage of the lack of awareness among users to exploit vulnerabilities. Applying the patches released by software developers is crucial for users to safeguard their computers from security breaches. Online computer degree and e-learning programs may help users in understanding the implications of different security threats.
Hiring professionals who hold security certifications, IT master's degrees and computer science degrees may help organizations in prompt detection of security flaws, and timely identification and application of relevant security patches.
EC-Council University is based in Albuquerque, New Mexico and offers a Master of Security Science (MSS) degree to students from various backgrounds such as graduates, IT professionals, and military students, amongst several others. The MSS is offered as a 100% online degree program and allows EC-Council University to reach students not only from the United States, but from all around the world.
EC-Council is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.
EC-Council has trained over 80,000 individuals and certified more than 30,000 members, through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates the global series of Hacker Halted security conferences.