De Secure List: Microsoft Security Updates October 2015 (13/10/2015)

Saludos, nuevamente.

Ayer me llegó este post de la lista de distribución de Secure List:

Microsoft Security Updates October 2015
by Kurt Baumgartner

Microsoft releases six Security Bulletins today, three of them “critical” remote code execution, to fix almost thirty CVE-enumerated vulnerabilities. None of them are known to be publicly exploited, and only a couple are known to be publicly discussed. So, this round yet again demonstrates Microsoft’s continued commitment to proactive security software maintenance. A dozen of these CVE were reported by researchers working with HP’s Zero Day initiative, and a kernel memory corruption vulnerability credited to md5 “dbc282f4f2f7d2466fa0078bf8034d99”.

Patches go out this month for vulnerable Microsoft software that could be used as an attack vector:

  • Internet Explorer
  • Windows system components

– VBScript and JScript engines through Internet Explorer
– VBScript and JScript engines through embedded ActiveX objects opened in Microsoft Office documents

  • Microsoft Edge
  • Windows “Shell” (related to Toolbar processing) on standard Windows workstations and laptops, and tablets
  • Microsoft Excel (for Windows and Mac)
  • Microsoft SharePoint
  • Office Web Apps
  • Excel Viewer
  • Microsoft Office Compatibility Pack
  • Windows Boot Configuration Data (BCD) parser effecting Windows Vista+
  • Windows File System Components

 

While the urgency does not seem to be quite as high as past months, please update your Microsoft software asap.

As of today, HP’s Zero Day initiative maintains over 300 advisories. Of course, the usual suspects are in there like Adobe, Apple, Oracle, and Microsoft, but it’s most interesting that the bulk of them are unrelated to these names. Microsoft is not at the top of the list, regardless of the prevalence and complexity of their software. Instead, upcoming serious advisories mostly cover bugs in IoT, embedded, SCADA and ICS related software from Advantech, Tibbo, Schneider Electric, Proface, Unitronics, and Ecava.

Acerca de Hector Suarez Planas

Es Licenciado en Ciencia de la Computación (3 de julio de 2002). Ha sido Administrador de Red en varias organizaciones, Programador y Analista de Sistemas. Actualmente se desempeña como Administrador de Red del Telecentro Tele Turquino de Santiago de Cuba. Tiene experiencia con sistemas Windows y GNU/Linux, Infraestructura de Redes (Cisco, AlliedTelesis, Netgear y HP ProCurve, Vyatta/VyOS), Servidores tanto físicos como virtuales (plataformas VMWare, Proxmox VE y Xen), Sistemas de Seguridad Informática (Snort/Suricata IDS, appliances AlienVault OSSIM), programador (Delphi, C++ Builder, Perl [poco], Python [algo]), entre otras cosas. Actualmente estoy incursionando en todo lo que tiene relación con Cloud Computing (OpenStack) y Centros de Datos. :-)
Esta entrada fue publicada en Microsoft Update, Seguridad. Guarda el enlace permanente.

Deja un comentario

Tu dirección de correo electrónico no será publicada. Los campos obligatorios están marcados con *