This week sees Microsoft’s regular Patch Tuesday update rolled out to users. The updates come accompanied by jargon-filled notes, but CBR has raked through the fluff to tell you what is included.
1) 37 fixes against Internet Explorer hijacking
The popularity of Microsoft’s web browser has long made it a lucrative target for hackers, and as such the software requires regular patching. This fix for 37 vulnerabilities protects users from hijacking by hackers, with a "critical" patch rating assigned by the firm because systems could be attacked with minimal action on the user’s part.
The update also highlights the importance of restricting user privileges appropriately, since excessive privileges carry risks beyond the insider threat. Microsoft said: "Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights." Users of Internet Explorer 6 and later versions should patch.
2) DDoS attacks blocked in .NET update
Distributed denial of service (DDoS) attacks are so common you can actually watch them unfold live on the internet. This update for the .NET programming framework protects websites against a specific form of denial of service attack.
The vulnerability is said to only affect those who have downloaded the ASP.NET framework for developing web applications and registered it with the Internet Information Services (IIS) web server. Those who have only installed the default .NET version will be unaffected, according to Microsoft.
3) Windows Task Scheduler protected against privilege snatching
A bug privately reported to Microsoft could have allowed hackers to escalate their user privileges, though only if they had credentials to access the system. Though this flaw cannot be exploited remotely, server admins should not be complacent about the insider threat it could enable.
Hackers who exploit the vulnerability are said to be able to take full control of the system in the worst-case scenarios. Windows 8 users are advised to apply the patch, or alternatively turn off the Task Scheduler through the registry settings at their own risk.
4) Microsoft Lync Server shielded against crashing
Microsoft’s enterprise messaging software was found to be vulnerable to two separate denial of service attacks and one data snatching bug. The worst bug allowed hackers to crash a Lync server by sending a "specially crafted" request to it.
Though the flaw is thought unlikely to be exploited, the company recommends clients update their systems. It added that clients can reduce risk to their firms by reading emails in plain text or blocking ActiveX controls and Active Scripting through their web browser.