MSVR Advisories Alert Users on Security Flaws in Chrome and Opera 

by iClass - Thursday, April 21, 2011
Recently, Microsoft initiated new set of advisories. The advisories termed as Microsoft Vulnerability Research (MSVR) advisories intend to alert users on security vulnerabilities associated with third-party products. MSVR advisories will contain alerts on vulnerabilities privately reported by Microsoft to third-party vendors and will normally be issued only after vendor-supplied patch is available. The initiative is part of the Coordinated Vulnerability Disclosure (CVD) approach of the developer.

Vulnerabilities in products manufactured by other vendors may be identified by in-house developers and test engineers of Microsoft and independent security researchers. They may also be detected by MSVR team through vulnerability analysis and research using internal tool sets on products, which run on Microsoft operating systems, but are manufactured by third-party vendors. The identified vulnerabilities are privately reported to the concerned vendor. MSVR coordinates with the concerned vendors to fix the security flaws.

Microsoft issued first set of MSVR advisories, which alerted users on use-after-free object Lifetime issue in Google Chrome and vulnerability related to HTML5 implementation in Chrome and Opera. The use-after-free object Lifetime issue is related to the way Chrome references freed memory. The flaw allows an attacker to cause the browser to become unresponsive and execute arbitrary code within Chrome Sandbox. The flaw affects Chrome versions prior to 6.0.472.59. Google has mitigated the vulnerability. The vulnerability related to HTML5 implementation affects Chrome 8.0.552.210 and prior versions, and Opera browser 10.62 and prior versions. The security flaw could cause information disclosure, which could be used by attacker to further compromise the affected system. Both Google and Opera have mitigated the security flaw in their respective software.

Attackers constantly ascertain and explore ways to exploit vulnerabilities in software products. Attackers also take advantage of time lag in release of a security update and subsequent implementation by users. Proactive and coordinated approach is required to minimize exploitation of vulnerabilities. As vendors are under constant pressure to develop secure products, the CVD approach may benefit all vendors and provide protection to users. The approach augurs well for the IT industry, which faces shortage of professionals qualified in IT degree programs and other security certifications.

Vendors must educate users on cyber security through security blogs, advertisements, e-tutorials and e-flyers. Organizations must educate employees on security threats and safe online practices through e-learning and Online IT courses.

The vibrant threats in the IT environment make it imperative for cyber security professionals to abreast themselves of latest security tools and techniques by undertaking online IT degree programs, participating in training programs and security conferences.

Contact Press

EC-Council
Website:
http://www.eccuni.us
Email: iclass@eccouncil.org
Tel: 505-341-3228


EC-Council University is based in Albuquerque, New Mexico and offers Master of Security Science (MSS) degree to students from various backgrounds such as graduates, IT Professionals, and military students amongst several others. The MSS is offered as a 100% online degree program and allows EC-Council University to reach students from not only the United States, but from all around the world.

EC-Council is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.

EC-Council has trained over 80,000 individuals and certified more than 30,000 members, through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates the global series of Hacker Halted security conferences.

-

0    submitted by iClass -
Read More Press Releases

GetVisa - A game on US Immigration

HUMAN CAPITAL PARTNERS REINVENTS HR TO MEET THE NEEDS OF SMALL TO MID-MARKET BUSINESSES

UN-ILD 2014 Observance at Bangladesh to Far Impact the MDGs and Post-2015 Agendum’s Literacy Objectives.

Pakistan Marks 68th Day of Independence By A Momentous Shine On Global Academic Forefronts—The Historic Launch Of IRT Research Model.

Press Release

Wackiest Pharma Conspiracy Debunked by Pakistani Arch-researcher Dr. Aurangzeb Hafi’s Polygonal Research.

The News--The Pharma-Media Alliance Never Wants The Public Know

Saahil Peerzaada - Turning good ideas into successful brands

Teen CEO Reality Show Founder > > LIVE on National Media – OC Talk Radio, July 1st, 2014

New Guide To Tone Abdominal Muscles Published Online

Get press releases by email