Microsoft responds to Flame malware, patches 26 vulnerabilities

With heightened concerns about the Flame malware, Microsoft released fixes for Windows Update and WSUS ahead of Patch Tuesday.

Windows admins that are worried about the Flame malware can rest easy, as Windows Update and Windows Server Update Services were both patched ahead of Patch Tuesday.

The patches, released last week, addressed an issue with a certificate that was hijacked as part of the Flame malware.

Microsoft noted that the malicious Flame malware code had an appearance of authenticity because it was signed with certificates that made it appear as if was coming from the company at the same time.

The worry surrounded the potential of a "man-in-the middle attack [using] Windows Update," said Jason Miller, a member of Shavlik Technologies Patch Patrol Team.

It is doubtful, however, that small- and medium-sized enterprises are at risk, due to the sophisticated nature of the malware, said Miller.

Shops that use Windows Server Update Services (WSUS) and Windows Update should apply fixes right away, said Andrew Storms, director of security operations for nCircle, a risk and security management provider based in San Francisco, Calif. Fixing the problem quickly should ease worries and might prevent Microsoft shops from turning off Windows Update, he said.

Patches for IE, Remote Desktop Protocol

With WSUS and Windows Update concerns assuaged, administrators can focus on the other patches released this month. Patch Tuesday covered 26 vulnerabilities across seven bulletins, three of which were labeled critical.

Perhaps the most critical patches that should be applied immediately were for the most recent versions of Internet Explorer (IE). The cumulative update contains fixes for 13 IE vulnerabilities, some of which have already been targeted.

"[IE is] going to be at the top of the list… there's so many [attackers] going after client-side bugs," Miller said.

Remote Desktop Protocol (RDP) also received a fix, just months after RDP was plagued with a critical vulnerability that was patched.

The vulnerability dealt with a "network-based attack that doesn't require authentication," Storms said. In that case, it's imperative to patch quickly, he said.

Miller noted that two bulletins labeled "important" in this release, MS12-039 and MS12-040, are not available through WSUS or Windows update and must be downloaded at Microsoft's download center. Those updates dealt with Microsoft Lync and Microsoft Dynamics AX Enterprise Portal.

Admins can get a full rundown of fixes on Microsoft's security bulletin summary page.

Dig deeper on Windows Server and Network Security

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchServerVirtualization

SearchCloudComputing

SearchExchange

SearchSQLServer

SearchWinIT

SearchEnterpriseDesktop

SearchVirtualDesktop

Close