Microsoft Takes Aim at Hackers with Record Number of Patches
On Tuesday 18 November, software giant Microsoft released a record-breaking 14 patches for its flagship Windows operating system; Office and Internet Explorer software. A further patch has since been added with one still scheduled to make an appearance, totalling 16 security patches in quick succession.
The patches address five critical vulnerabilities which could have potentially allowed hackers to remotely access and execute programs on target systems, take over the machines, run anonymous spam campaigns and steal personal information. The critical changes are summarised below.
Problem with Windows Object Linking and Embedding (OLE)
This could have allowed remote execution of code if the user visited a website containing malicious code, a ploy often delivered through a spam email.
Internet Explorer Security Patch
A cumulative patch for Internet Explorer that addresses the browser’s vulnerability to certain types of malicious websites.
Microsoft Secure Channel Update
Windows Server was vulnerable to attack from specially crafted data packets. One of the security updates fixes this issue.
Microsoft XML Core Services
This patch was put in place to plug a hole that allowed Microsoft XML Core Services to be called upon from a malicious website that would remotely execute code on a target system.
Before the MS14-068 patch, which was the later critical update, Windows authentication system Kerberos was vulnerable to allowing users to escalate privileges to access domain administrator level. A further eight ‘important’ — the next security level down — patches have also been added, as well as two moderate updates. Full details of all November security updates are available from Microsoft here.
It is standard practice for Microsoft to release security updates — the company runs a monthly ‘patch Tuesday’ initiative — but since it started, there has never been quite so many updates released in one month.
The security updates come just as the head of the City of London police, Commissioner Adrian Leppard, told the Financial Times that Islamic militants are very likely to attempt a cyber attack against major Western financial institutions. Leppard said:
‘There could be a very serious impact to the financial institutions of the world through a cyber attack and I think it’s a very strong likelihood that it will happen one day in the future, which is why we’ve got to push back and take action now before it happens.’
A strategic anti-spam choice for governments and public administrations, MailCleaner can also give your business a reliable anti-spam system, which can act as your first line of defence from spam-delivered malware and security breaches.