News

Microsoft responds to Flame malware, patches 26 vulnerabilities

Jeremy Stanley

Windows admins that are worried about the Flame malware can rest easy, as Windows Update and Windows Server Update Services were both patched ahead of Patch Tuesday.

The patches, released last week, addressed an issue with a certificate that was hijacked as part of the Flame malware.

Microsoft noted that the malicious Flame malware code had an appearance of authenticity because it was signed with certificates that made it appear as if was coming from the company at the same time.

The worry surrounded the potential of a "man-in-the middle attack [using] Windows Update," said Jason Miller, a member of Shavlik Technologies Patch Patrol Team.

It is doubtful, however, that small- and medium-sized enterprises are at risk, due to the sophisticated nature of the malware, said Miller.

Shops that use

Requires Free Membership to View

Windows Server Update Services (WSUS) and Windows Update should apply fixes right away, said Andrew Storms, director of security operations for nCircle, a risk and security management provider based in San Francisco, Calif. Fixing the problem quickly should ease worries and might prevent Microsoft shops from turning off Windows Update, he said.

Patches for IE, Remote Desktop Protocol

With WSUS and Windows Update concerns assuaged, administrators can focus on the other patches released this month. Patch Tuesday covered 26 vulnerabilities across seven bulletins, three of which were labeled critical.

Perhaps the most critical patches that should be applied immediately were for the most recent versions of Internet Explorer (IE). The cumulative update contains fixes for 13 IE vulnerabilities, some of which have already been targeted.

"[IE is] going to be at the top of the list… there's so many [attackers] going after client-side bugs," Miller said.

Remote Desktop Protocol (RDP) also received a fix, just months after RDP was plagued with a critical vulnerability that was patched.

The vulnerability dealt with a "network-based attack that doesn't require authentication," Storms said. In that case, it's imperative to patch quickly, he said.

Miller noted that two bulletins labeled "important" in this release, MS12-039 and MS12-040, are not available through WSUS or Windows update and must be downloaded at Microsoft's download center. Those updates dealt with Microsoft Lync and Microsoft Dynamics AX Enterprise Portal.

Admins can get a full rundown of fixes on Microsoft's security bulletin summary page.


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: