Last week, Microsoft announced 10 software security advisories which warn of 22 new flaws in Microsoft products. This warning is similar to that of last April when the company issued 7 advisories, one of which was exposed by the Sasser worm. This set of advisories doesn’t seem to include any obvious standouts which can be exploited in a Sasser-like fashion. However, Symantec’s analysis of the new flaws showed that three of the flaws, all rated critical, could be attacked in a Sasser-like fashion, but they wouldn’t have the same level of impact which the original Sasser had since the new threats only work on systems with non-default services installed. Unfortunately, you have to understand which systems have which services turned on, then compare that to the checklist Microsoft just released to see the potential problems. In other words, the flaws all need to be patched, but the real danger only exists on systems running vulnerable services. To get your systems’ security up to date, contact your Responsive consultant at 866-RNS-8300. |
