Security Management Strategies for the CIOMicrosoft plans to address eight vulnerabilities Jan. 10 as part of its regularly scheduled Patch Tuesday round of security updates.
In its January 2012 Advance Notification issued today, Microsoft said it would release seven bulletins, one rated “critical,” repairing coding errors across its product line. The security updates address issues in Microsoft Windows and Microsoft developer tools and software, Microsoft said.
The bulletins address a variety of flaws that could enable remote code execution and an escalation of privileges. One of the flaws, rated “important,” addresses a security feature bypass, which could be used by an attacker to exploit another error. Angela Gunn, security response communications manager for Microsoft’s Trustworthy Computing Group, said detailed analysis of the security feature bypass would be made available on Tuesday.
Microsoft issued an out-of-band security update Dec. 29, addressing four serious vulnerabilities in the .NET Framework. Among the fixes in the out-of-band update was a repair to block hash collision attacks on ASP.NET Web applications. The attacks could cause systems to freeze up.
The update was prompted by a presentation
Requires Free Membership to View
SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!
Michael S. Mimoso, Editorial Director
at the Chaos Communications Congress in Berlin where
two researchers identified ways to exploit the error, which can be found in a variety of Web
programming languages. The researchers say development frameworks should have randomized hash
functions to prevent the problem.
~Robert Westervelt
Join the conversationComment
Share
Comments
Results
Contribute to the conversation