All the latest UK technology news, reviews and analysis
|
|
|
11 Aug 2010
Security experts have warned administrators to ignore Microsoft's latest Patch Tuesday update at their peril, despite it covering a record-tying 34 vulnerabilities.
A third of the vulnerabilities are rated 'critical', suggesting work needs to start immediately, but firms need to think carefully about what order to fix them in.
Security firm Symantec highlighted in a blog post that the SMB pool overflow vulnerability is a "real concern" for enterprises, explaining that it opened up multiple systems to attack, despite being seemingly innocuous.
"Not only does it give an attacker system-level access to a compromised SMB server, but the vulnerability occurs before authentication is required from computers contacting the server," wrote Joshua Talbot, security intelligence manager at Symantec Security Response.
"This means that any system allowing remote access and not protected by a firewall is at risk."
Talbot added that this would involve quite a sophisticated attack, which would have to begin by compromising an employee's machine using social engineering tactics.
However, should this be achieved, the compromised machine could be used to attack any other SMB connected machine in the network.
"Workstations that have enabled file and print sharing are also at risk. Laptops with this configuration that connect to untrusted networks, such as public Wi-Fi, or that allow ad hoc connections, could be attacked by neighbouring computers," Talbot explained.
"The user could then unwittingly carry their infected system back to the enterprise, opening the door to an organisation's entire network."
Security firm Lumension, meanwhile, labeled the patch releases "bumper" and "disruptive", and agreed that the patches would put more pressure on IT departments that are already struggling with other patch cycles. However, it invoked the growing threat of the seemingly irrepressible Zeus botnet.
Latest stories from Security
Related articles
Related jobs
Poll
Are you confident that the UK's IT infrastructure is secure from attack in the wake of the Flame malware revelations?
V3 examines the key strengths and weaknesses of Samsung's latest iPhone killer
Connect with V3.co.uk
Social networking is almost ubiquitous. This white paper examines the benefits and risks and it looks at the different ways companies can reconcile them
The importance of understanding your infrastructure
This role is in the busy technology department within...
We are looking for a Sage Technical Support specialist...
EMEA Cash Equity/Futures Support Manager, Top Tier Bank...
Senior Java Analyst/Developer Skill set: Java, J2SE...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?