Microsoft's Patch Tuesday Mitigates Security Flaws in Internet Explorer 

by iClass - Wednesday, April 13, 2011
Microsoft mitigated 64 vulnerabilities in the latest Patch Tuesday. In all Microsoft released 17 security bulletins. The gigantic security update by the developer also includes patch for four privately disclosed vulnerabilities and one publicly disclosed vulnerability in Internet explorer (IE). The company has rated the update as critical on Windows clients for IE6, IE7 and IE8 and moderate for IE6, IE7 and IE8 on Windows servers. The security flaws do not affect IE9. The security flaws could allow remote code execution, if the user views a specially crafted malicious web page on IE. Exploitation of the security flaws could enable the attacker to gain the same rights as those of the user account. The update improves the way IE manages objects in memory, and content and script during some processes.

One of the five vulnerabilities mitigated is a use-after-free bug, which was successfully exploited by security researcher Stephen Fewer in Pwn2own contest at CanSecWest Conference held earlier this year. Fewer, associated with Harmony security used three vulnerabilities to exploit and escape the protected mode of the browser. Microsoft is working to resolve the other two vulnerabilities – heap address leak and protected mode bypass, exploited by the Ireland-based security researcher. The use-after-free bug and information leak vulnerabilities do not affect IE9 as the issue was identified through fuzzing and resolved by the company's professionals during the development of version 9.

Security flaws in software are common. IT professionals are required to regularly update their skills by attending security conferences, webinars and undertaking online IT degree programs.

Developers encourage researchers to identify and report vulnerabilities prior to their exploitation by the cybercriminals. Some of the mitigated vulnerabilities were reported by security researchers affiliated to Google and VeriSign. Proactive approach is crucial to deal with the ever growing cyber threats. Professionals qualified in secured programming, IT degree programs and penetrating testing may help software developers in timely identification and mitigation of security flaws.

Microsoft releases security updates on every second Tuesday of a month. Security experts have advised users to immediately apply the patches provided by the company in the mega security update. Internet users must use genuine software and enable automatic updating to allow automatic download and installation of security updates. Users must resist the tendency to use pirated and cheap software as they adversely affect the functioning of the computer system. Use of counterfeit software also deprives users of the opportunity to benefit from regular security updates and recommendations from software developers. They must also resist from opening e-mail attachments received from suspicious and unknown sources. They must install and update security solutions to safeguard computers against malware and other malicious downloads. Employees could be made aware of the security threats through regular huddle sessions, e-learning programs and encouraging them to undertake online IT courses on cyber security.Organizations must restrict user rights on computer systems to avoid execution of malicious code and compromise of confidential information. Security professionals must keep track of the security updates and threat alerts to identify and apply relevant patches.

Contact Press

EC-Council
Website:
http://www.eccuni.us
Email: iclass@eccouncil.org
Tel: 505-341-3228


EC-Council University is based in Albuquerque, New Mexico and offers Master of Security Science (MSS) degree to students from various backgrounds such as graduates, IT Professionals, and military students amongst several others. The MSS is offered as a 100% online degree program and allows EC-Council University to reach students from not only the United States, but from all around the world.

EC-Council is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.

EC-Council has trained over 80,000 individuals and certified more than 30,000 members, through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates the global series of Hacker Halted security conferences.



-

0    submitted by iClass -
Read More Press Releases

Practitioner seeks state funds to widen study of naprapathy to treat vets’ PTSD

Comet Infowave Pvt. Ltd.

GetVisa - A game on US Immigration

HUMAN CAPITAL PARTNERS REINVENTS HR TO MEET THE NEEDS OF SMALL TO MID-MARKET BUSINESSES

UN-ILD 2014 Observance at Bangladesh to Far Impact the MDGs and Post-2015 Agendum’s Literacy Objectives.

Pakistan Marks 68th Day of Independence By A Momentous Shine On Global Academic Forefronts—The Historic Launch Of IRT Research Model.

Press Release

Wackiest Pharma Conspiracy Debunked by Pakistani Arch-researcher Dr. Aurangzeb Hafi’s Polygonal Research.

The News--The Pharma-Media Alliance Never Wants The Public Know

Saahil Peerzaada - Turning good ideas into successful brands

Get press releases by email