This month, Microsoft released two security bulletins for eight security vulnerabilities, but none of all these security vulnerabilities that Microsoft categorized as critical vulnerabilities.
Experts at Symantec estimates that Microsoft has lowered the level of security. "Since the launch of Windows 7, Microsoft seems to have lowered the criteria file-based security vulnerabilities," said Joshua Talbot, Security Intelligence Manager, Symantec Security Response. "In the past, I think a lot of security vulnerabilities patched this month could be categorized as critical, but with protections like DEP and ASLR, the types of security vulnerabilities is not an issue for Windows 7. What I worry about are in many large companies, Windows XP still commonly used, and security vulnerabilities are becoming more dangerous on the XP system and previous systems. "
Symantec has discovered a dangerous attack. The threat to attack Internet Explorer. "Microsoft did not patch the security vulnerabilities of Internet Explorer win32hlp revealed to the public a few weeks ago," added Talbot. "We've seen exploit code that has been proven (proof-of-concept) for the security vulnerability, but have not seen any attacks using this vulnerability on the ground."
"Unique user interaction is needed to make IE security vulnerabilities work, but the attacker can fake an exploit that could provoke the user to perform an action," said Talbot. "For example, create pop-up window appears again and again until the user clicks a certain button to stop, which may eventually cause the machine to be infected."
In addition, Microsoft also has released a suggestion for a new security vulnerabilities that affect the zero day Internet Explorer. "Symantec has investigated the exploitation of these security vulnerabilities and have created the field detection Trojan.Malscript! Html and JS.Downloader to overcome these attacks," said Talbot.
Symantec strongly recommends users to patch their systems in order to overcome these security vulnerabilities. In addition, companies are encouraged to consider implementing a patch management solution automatically to help overcome these risks.
Experts at Symantec estimates that Microsoft has lowered the level of security. "Since the launch of Windows 7, Microsoft seems to have lowered the criteria file-based security vulnerabilities," said Joshua Talbot, Security Intelligence Manager, Symantec Security Response. "In the past, I think a lot of security vulnerabilities patched this month could be categorized as critical, but with protections like DEP and ASLR, the types of security vulnerabilities is not an issue for Windows 7. What I worry about are in many large companies, Windows XP still commonly used, and security vulnerabilities are becoming more dangerous on the XP system and previous systems. "
Symantec has discovered a dangerous attack. The threat to attack Internet Explorer. "Microsoft did not patch the security vulnerabilities of Internet Explorer win32hlp revealed to the public a few weeks ago," added Talbot. "We've seen exploit code that has been proven (proof-of-concept) for the security vulnerability, but have not seen any attacks using this vulnerability on the ground."
"Unique user interaction is needed to make IE security vulnerabilities work, but the attacker can fake an exploit that could provoke the user to perform an action," said Talbot. "For example, create pop-up window appears again and again until the user clicks a certain button to stop, which may eventually cause the machine to be infected."
In addition, Microsoft also has released a suggestion for a new security vulnerabilities that affect the zero day Internet Explorer. "Symantec has investigated the exploitation of these security vulnerabilities and have created the field detection Trojan.Malscript! Html and JS.Downloader to overcome these attacks," said Talbot.
Symantec strongly recommends users to patch their systems in order to overcome these security vulnerabilities. In addition, companies are encouraged to consider implementing a patch management solution automatically to help overcome these risks.
0 comments
Post a Comment