Wednesday, August 12, 2009

Patch Tuesday: August, 2009: 4 workstation holes and a little something for everyone else

There’s plenty to keep us busy this month. Most of the vulnerabilities have a Microsoft exploitability index of 1, meaning Microsoft expects consistent exploit code is likely within the next 30 days. Half are workstation vulnerabilities. There’s one denial of service vulnerability for IIS web servers. One vulnerability affects your WINS servers, and then there are 3 that could impact workstations but would mostly be found on servers.


Source: Ultimate Windows Security

Link: http://www.ultimatewindowssecurity.com/Default.aspx

Microsoft fixes Office Web Components vulnerability, kill-bit bypass

Microsoft repaired critical Office Web Components vulnerabilities that have been actively exploited in the wild since they were first acknowledged by the software giant last month.

Microsoft also released an additional critical update to repair ActiveX vulnerabilities in its Active Template Library. The errors enable an attacker to bypass kill-bits, a feature commonly deployed by Microsoft to block attackers from exploiting complex interoperability vulnerabilities without addressing the underlying flaw. 

In all, Microsoft issued nine security updates Tuesday, including six rated critical, affecting Windows and Office Web Components.

Tuesday, August 11, 2009

Vulnerabilities, regulatory compliance drive data protection market

In this difficult economy -- some say because of the economy -- data security remains a spending priority. Companies still must meet regulatory compliance requirements; layoffs, and the specter of impending layoffs, have exacerbated corporate concerns about employees taking sensitive information out the door.

It's true that every information security technology in some way involves the data protection market -- everything from network firewalls and desktop antivirus to application security products (Web application firewalls, code review tools, etc.). However, there are two critical markets that deal with data directly and are generating some serious business: mobile data security (laptop encryption and portable device control), which Forrester Research Inc. pegs at a $1 billion-plus business, and data leakage (or loss) prevention (DLP). Forrester estimates the DLP market will be between $200 million and $250 million this year, while Gartner estimates around $300 million.

Read more: http://searchsecuritychannel.techtarget.com/news/article/0,289142,sid97_gci1361847,00.html

Corporate Web 2.0 Threats - FAQ

In this expert video, you will learn about Web 2.0 software, the threats it poses, and whether the benefits outweigh the risks. Key areas covered include the threats posed by services like Facebook, MySpace, and LinkedIn, as well as wikis and blogs.

Source: Techtarget

Link: http://searchsecurity.techtarget.com/video/0,297151,sid14_gci1352690,00.html

Friday, August 7, 2009

Microsoft to address critical vulnerability in Office Web Components

Microsoft will issue five critical security bulletins in its August Patch Tuesday release next week, including one that affects Microsoft Office, Microsoft Visual Studio, Microsoft ISA Server and Microsoft BizTalk Server, and another for both Windows and the Windows Client for Mac.

In its advance notice issued Thursday, Microsoft said that the critical bulletin affecting Microsoft Office, Microsoft Visual Studio, Microsoft ISA Server and Microsoft BizTalk Server addresses a vulnerability in Microsoft Office Web Components, first raised in security advisory 973472. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. When using Internet Explorer, remote code execution is possible and may not require any user intervention.

Read more at the link below:

http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1363924,00.html?track=sy160

Denial-of-Service Attack Strands Twitter Users

A distributed denial-of-service attack took Twitter offline for several hours, preventing millions of users from tweeting. Security experts said the Twitter attack came through botnets via Sweden and Europe. While users had withdrawal pangs, businesses got pinched and experts said Twitter needs more protection from DDoS attacks.

Say it isn't so! The Twitter bird's beak was closed Thursday as Twitter fought a distributed denial-of-service attack that shut it down for several hours. 

With the mini-blogging site down from 9 a.m. Eastern time until noon, its millions of members were unable to tweet by Web and by mobile phone. A tweet test brought an error message that the "network request failed."

Read more at the link below:

http://www.enterprise-security-today.com/story.xhtml?story_id=012000EWBOGO

Tuesday, August 4, 2009

How can you handle risks that come with social networking?

Social networking — whether it be Facebook, MySpace, LinkedIn, YouTube, Twitter or something else — is fast becoming a way of life for millions of people to share information about themselves for personal or business reasons. But it comes with huge risks that range from identity theft to malware infections to the potential for letting reckless remarks damage corporate and personal reputations.

I found an interesting article on the "networkworld" website which talks about social networking sites and the risks related to them. Click on the link below to read the full article.

http://www.networkworld.com/news/2009/042709-burning-security-social-networking.html