|Network Security Consulting SecurityFocus Article
Microsoft Patches Host Integration Server, Office
Microsoft patched at least 20 vulnerabilities in its software on Tuesday, giving details of eleven major security issues in its first release to qualify the exploitability of each of the vulnerabilities.
The company released eleven security bulletins detailing the security holes, including critical issues in the company's Active Directory software, Internet Explorer software, Host Integration Server (HIS) software and Microsoft Office Excel. The most serious issue could be the HIS vulnerability, according to researchers at network security firm nCircle.
"It is absolutely vital for customers to find and remediate this vulnerability as quickly as possible," Sheldon Malm, director of security research for the firm, said in a statement. "Host Integration Server is the de facto gateway linking Windows hosts to business critical mainframes and AS/400 systems, which in turn host databases and Customer Information Control System (CICS) applications that are believed to run in 90 percent of Fortune 500 corporations."
For the first time, the software giant gave a measure of the exploitability of each flaw, rating the Host Integration Server issue -- and seven other vulnerabilities -- as "1 - Consistent exploit code likely," according to Microsoft's bulletin summary. The software giant has also signed up more than 20 companies as partners under its Microsoft Active Protections Program (MAPP), allowing the companies advanced notice of future patches and possible defenses for the partners' customers.
Eleven of the vulnerabilities affected Microsoft's Office productivity suite and its Internet Explorer browser, a trend that continues to show researchers' interest in major client-side applications.
"Again this month we are seeing a large number of client-side vulnerabilities with IE and Office as targets," Tyler Reguly, a security engineer with nCircle, said in the company's analysis of the flaws. "As the number of these continue to increase we really need to rethink what the average user considers to be a trusted application."
A vulnerability in Microsoft's Windows Internet Printing Service had been exploited in targeted attacks on some of the software giant's customers, Microsoft said in its advisory.
If you have tips or insights on this topic, please contact SecurityFocus.
Posted by: Robert Lemos