IT Brief New Zealand logo
Story image

Symantec responds to latest MS update

16 Apr 2010

The security firm has warned that April will be an important month for IT administrators.

Earlier this week Microsoft released a major raft of security fixes its monthly Patch Tuesday update. Symantec said that Microsoft issued 11 security bulletins which address 25 vulnerabilities, nine of which Microsoft rated as critical.

Oracle and Adobe will also be releasing security updates in the near future. Oracle will address 47 vulnerabilities and Adobe is issuing fixes for both Acrobat and Reader. “The critical Microsoft WinVerifyTrust signature validation vulnerability can be used to really enhance social engineering efforts,” said Joshua Talbot, Security Intelligence Manager, Symantec Security Response. “Targeted attacks are popular and since social engineering plays such a large role in them, plan on seeing exploits developed for this vulnerability.” “It allows an attacker to fool Windows into thinking that a malicious program was created by a legitimate vendor,” Talbot added. “If a user begins a download and they see the Windows’ notification telling them who created it, they might think twice before proceeding if it’s from an unfamiliar source. This vulnerability allows an attacker to force Windows to report to the user that the application was created by any vendor the attacker chooses to impersonate.” Talbot believes that April is going to be quite the month for IT administrators. “With a large number of patches coming from Microsoft and Oracle, including two from Microsoft for public vulnerabilities, and a handful more patches from Adobe, automating the patching process becomes even more critical to ensure that nothing slips through the cracks.”