Microsoft issues patches, two are critical
Wednesday, February 11, 2009
Yesterday, Microsoft released its monthly security patches that addressed eight vulnerabilities in the company's products, which included two for Exchange that were labeled as critical.
Some security experts warned the Exchange vulnerabilities could lead to active exploits because it did not require users to take any action for machines to be compromised, SCMagazineus.com reports.
According to one expert, a cybercriminal could send out an email with a malicious attachment and send it to anyone at the domain, states the article. If done right, the attachment would execute code directly on the server, all without human interaction with the message. This could lead to an "enterprise-wide compromise from one email."
SMBs and organizations may want to pay close attention to the possible Exchange vulnerabilities, given the rise of the Downandup/Conflicker worm initially started from machines that didn't install a patch released by Microsoft.
As of January 23rd, the Conflicker worm had infected an estimated 10 million PCs worldwide with many security experts expecting a dangerous second round of attacks that may be more devastating than the first, NetworkWorld.com reports.
Related News:
Conficker still a threat to web security - 3.18.2010
The Conficker worm was by far the most notorious piece of malware in 2009 for several reasons. Not only did it receive media attention and infect more computers than any other strain, according to Katonda, a business technology website, it reminded web security professionals of bygone days when major epidemics were the norm.
Network security update not responsible for crashes - 2.24.2010
Reports of the so-called "blue screen of death" following the installation of the latest Microsoft security update are the result of malware, not a defect in the update.
Botnets and Chuck Norris take aim at network security - 2.22.2010
Last week, word spread of the Kneber botnet compromising more than 2,000 computers worldwide. With the start of a new week comes more malware attacks plaguing the web community. The so-called "Chuck Norris" botnet is attacking routers and DSL modems by guessing commonly used passwords.
Web security company warns of scareware's risk - 2.19.2010
The rise in scareware attacks and cyber criminal behavior in general forced DynaSis, an IT services company, to issue a warning to its users about the threat of fake anti-virus software infecting their computers on Friday.
Age-old trick with brand-new target - 1.18.2010
Cyber criminals have turned to a scam from the early days of the internet to target the growing smartphone market: Trojan phone dialers.
|
