(May 8, 2008)
This month, Microsoft says it will release four security bulletins on patch Tuesday, May 13. Three of the four bulletins have been given severity ratings of critical; the other has been rated important. The patches address flaws in Windows, Word, Publisher and Jet Database Engine. The important bulletin will address flaws in Microsoft's anti-malware products. Two of the four patches will require restarts.
GCN
IDG
Microsoft
[Editor's Note (Cole): It is critical that organizations have an approach to apply patches within 24 hours. I am seeing patch Tues. and exploit Thurs., where attackers will reverse engineer patches and exploit the systems within 48 hours. Timely patching is no longer a recommendation it is a requirement.]
Exploit Thursday? That is a worrying, if expected development. Attackers have obviously built some sophisticated tools to quickly reverse engineer patches and then use the knowledge gained to add a new attack vector into their malware. This is far easier than trying to track holes themselves. Very smart.
0 comments:
Post a Comment