Today, the December 201 Bulletins for Microsoft will be launched. The 17 bulletins will patch 40 flaws in various versions of Microsoft Windows and Office, Internet Explorer versions 6, 7 and 8 as well as SharePoint server and Exchange. Of the 17 bulletins, two are rated “critical”, while 14 are rated “important” and 1 rated as “moderate.” These patches are addressing a variety of important and moderate-level remote code-execution, denial-of-service and privilege-escalation problems.
From Microsoft’s point of view, the goals behind releasing these bulletins are fairly obvious. After studying the Microsoft Response Center case study, we all saw the importance of handling security vulnerabilities in its software and operating systems (especially for a company under constant attack like Microsoft). Not only is it important for Microsoft customers to be able to access their information when they need to, but it is also of the utmost importance for the people running Microsoft software to have confidentiality and integrity.
As a black hat hacker, I would meet this slight increase in Microsoft vulnerability reports with open arms. After including these 17 bulletins, 2010 will mark a record-breaking 106 patches released by Microsoft this year alone. A hacker might want to expose a Microsoft software user web site, server, etc. Another tactic could be to find a hole and change the data of the Microsoft users. Finally, a hacker could perform DoS attacks on these users or take over their systems.
There are inherent vulnerabilities within Microsoft’s software, which is why they are constantly coming out with these patches. There is no overarching solution to this problem because there will always be holes that need to be fixed. Therefore, there will always be hackers (like CyP in the Microsoft Response Center case study) who are trying to stay one step ahead of the Microsoft engineers and exploit these vulnerabilities. Microsoft engineers have been and need to continue to meet the challenges posed by these outside threats.
As I mentioned before, Microsoft simply needs to mitigate the risks posed to their operating systems by hackers. Microsoft Security Response Center blog writer Mike Reavy said, "Older products meeting newer attack methods, coupled with overall growth in the vulnerability marketplace, result in more vulnerability reports." With technology constantly changing, the best thing Microsoft can do is continue to meet the demands of the customers and stay one step ahead of those looking to exploit vulnerabilities.
http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1524889,00.html
see also: http://blogs.technet.com/b/msrc/
Posts
No comments:
Post a Comment