ISR News: Microsoft Patch Tuesday

March 9, 2009 by ADMIN

Share |

Excerpts From Cnet.com

Microsoft said Thursday it will release three security updates on this coming Patch Tuesday, including one that is rated “critical” and could allow an attacker to take over the computer. The critical update affects Windows 2000, XP, Vista and Server 2003 and 2008, the company said in an advisory.

The other two updates are rated “important” and could be used for spoofing, in which an attacker is able to masquerade as someone else. One of the patches affects all supported versions of Windows and the second affects Windows 2000, Server 2003, and Server 2008.

Missing from the security updates is a fix for a security vulnerability in Excel, for which there have been Zero-Day exploits.

Comment By Kevin M. Nixon, Information-Security-Resources.com Security Editor:

Readers should note that Information-Security-Resources.com staff has been working in coordination with both Microsoft & US-CERT to raise the awareness of this new vulnerability risk. US-Cert reviewed our data and has issued the following HIGH Impact Security

Alerts:

http://www.us-cert.gov/current/index.html#microsoft_releases_advanced_notification_for4

http://www.us-cert.gov/current/index.html#malicious_code_targeting_social_networking

Kevin has testified as an expert witness before the Congressional High Tech Task Force, the Chairman of the Senate Armed Services Committee, and the Chairman of the House Ways and Means Committee. He has also served on infrastructure security boards and committees including the Disaster Recovery Workgroup for the Office of Homeland Security, and as a consultant to the Federal Trade Commission.

These icons link to social bookmarking sites where readers can share and discover new web pages.

Share |

Filed under: ISR News, hackers, identity-theft, malware, privacy

Tags: 2009, 3-10-2009, access, Anthony M. Freed, Breach, breaches, bypass, computer, confidential, consumer product liability, control, Costs, criminal, critical, cyber security, cyber-crime, cybersecurity, D and O liability, Data, due diligence, Economy, electronic database, Excel, Finance, Financial, Financial Identity, Financial InfoSec, governance, hackers, homeland Security, ID, identity thief, Infoduciary, Information, Information Fiduciary, Information-Security-Resources.com, InfoSec, infrastructure, ISR, law, legal, liability, markets, meltdown, misuse, MSN, national security, News, online fraud, outsourcing, paperless, Patch Tuesday, privacy rights, regulations, regulatory, Report, risk, Security, shareholder derivative, System, systems, takeover, theft, third party, valuation, vendors, Vista, Windows, XP, zero day attack

Comments

Tell me what you're thinking...
and oh, if you want a pic to show with your comment, go get a gravatar!

Categories
- Anthony M. Freed (26)
- Bill Brenner (2)
- Bob Violino (1)
- Bozidar Spirovski (23)
- Breach (540)
- Britt Womelsdorf (5)
- By Dr. InfoSec (2)
- Cara Garretson (7)
- CCCNews (1)
- Chorey Taylor & Feil (8)
- Christophe Veltsos (2)
- Christopher Burgess (7)
- CIOZone (26)
- Class Action Lawsuit (111)
- Cloud computing (109)
- Coby Royer (5)
- CTO Forum (9)
- D&O Liability (597)
- Daniel Wallace (5)
- Danny Lieberman (11)
- DataLine (10)
- David Alexander (2)
- Derek Crawford (1)
- Doug Pollack (7)
- due diligence (306)
- Fame Foundry (1)
- FEATURE ARTICLE (428)
- Financial (583)
- Fred Leland (7)
- Gene Kim (3)
- Government (369)
- Greg George (5)
- H1N1 (15)
- hackers (535)
- healthcare (130)
- Heather Bourgoin (1)
- HomeATM (8)
- identity-theft (531)
- IDExperts (17)
- Ike Z. Devji (1)
- Infosec Island Network (34)
- Insider Threat (486)
- Internet Crime Complaint Center (1)
- Internet Security Alliance (67)
- ISR News (321)
- Jacqueline Herships (2)
- Jenni Hesterman (3)
- John M. Salomon (2)
- John Watkins (7)
- John-Patrick Skaar (2)
- Kaliber Data Security and Compliance Consultants (3)
- Kat Sanders (2)
- Ken Leeser (3)
- Kevin L. Jackson (10)
- Kevin M. Nixon (21)
- Larry Ketchersid (1)
- Laton McCartney (7)
- Lauren Taylor (1)
- Linda McGlasson (1)
- malware (497)
- Mark Smail (1)
- Mark Wright (1)
- Mel Duvall (3)
- Michael Eggebrecht (3)
- Michael Lohr (1)
- Michael O'Conner (4)
- MicroSolved (1)
- Mike Duncan (3)
- Mike Meikle (4)
- Mike Spinney (1)
- Military (207)
- national security (449)
- PCI (304)
- PCI Security Standards Council (32)
- Physical Security (11)
- privacy (548)
- Rachel James (10)
- reach (7)
- Rebecca Herold (16)
- Richard Stiennon (44)
- Robert Siciliano (34)
- Sarbanes-Oxley (498)
- ScamStop (2)
- Sean Wilkins (2)
- Semyon Dukach (1)
- Simon Heron (14)
- Software Associates (11)
- Steven Fox (19)
- SUPERAntiSpyware (3)
- Sybase (6)
- Symplified (5)
- The Jester (8)
- The Privacy Professor (16)
- Thomas R. Fox (8)
- Tom Groenfeldt (2)
- Tom McLain (2)
- Trefis (14)
- Tripwire (18)
- Uncategorized (621)
- virtualization (97)
- Webcast (49)

Copyright © 2008 To Present · Information-Security-Resources.com (Permissions and Disclaimers) You are welcome to use, for any lawful purpose, the information that WE write and post to this site, provided that you link to and attribute Information-Security-Resources.com and the author(s). Any 3rd-party material linked to or referenced on this site is subject to the rights of the owners of that material.

We provide business consulting services. We do NOT provide legal or financial advice. There is no attorney / client relationship, or any privilege associated with our services. Nothing expressed on this site, or in association with our services, should be taken as legal counsel or financial advice. The opinions expressed on this site are the personal opinions of the writer(s), not those of any other individuals or organizations.

Theme: Copyright © 2008 · Revolution Code Blue designed by Brian Gardner

Information-security-resources.com is part of the Infosec Island network.