Security Watch

Microsoft Plays Catch-Up to Hackers

Microsoft issued an "important" out-of-band patch in September but only made it available for manual download from its security site. The patch resolves a publicly disclosed vulnerability in ASP.NET that could allow for information disclosure, but in a rare occurrence Microsoft released the patch without putting it through its standard testing program for new patches.

Microsoft eventually released the automatic update last Thursday and revealed that it held back its automatic rollout because it had evidence the flaw was being actively exploited by hackers.

More than anything else, this move signals Microsoft's concession that it won't be able to move at the speed of hacking, but that it believes some patch is better than no patch.

Symantec Transfixed on Stuxnet
Symantec has released a comprehensive study on the W32.Stuxnet worm that has plagued some Windows systems recently. The "W32.Stuxnet Dossier" white paper was presented at the Virus Bulletin 2010 Conference and its findings in PDF format can be downloaded here.

The company's investigation into Stuxnet started June 17, when the Symantec team began a journey of what it calls "surprises, wrong turns, frustrating moments, and moments of validation."

The Stuxnet worm is more than a year old but first appeared in earnest in early April, playing mischief on an enterprise system in the Netherlands. It was mainly transmitted through a USB flash drive.

Symantec staffers and other security experts and gadflies who attended Virus Bulletin 2010 hope this white paper will circulate and serve as a cautionary tale.

Microsoft Investigates Twitter Bug
Redmond said it has "completed its investigation" into the Cross-Site Scripting related security issue publicly disclosed earlier this month.

An information disclosure threat in Microsoft's Internet Explorer has its roots in a "Twitter-rolling" attack, which is the result of the way the browser parses cascading style sheets. Microsoft so far has not specified which browsers might be affected by the bug.

Nevertheless, Microsoft said in a statement that it will take "appropriate action to resolve the vulnerability and will communicate to customers as necessary."

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.
