(Page 2 of 2) "Microsoft's careful due diligence and adherence to their strict update processes may end up causing more confusion than clarity with this fix," Storms said. "It's probably best not to spend too much time analyzing -- just install the patch as soon as you can, and then move on."
Beyond Patch Tuesday
We also turned to Paul Henry, a forensic security analyst at Lumension, to get his overview of recent security issues IT admins need to know about. He told us IT admins should also focus on Patch Tuesday issues outside of Microsoft and pointed to a recent Forbes report that reveals an estimated 10 million credit cards were breached at Global Payments between Jan. 21 and Feb. 25.
"Oracle released patches for 88 issues that impact over 35 Oracle products," Henry said. "An apparent misunderstanding by a security researcher reviewing the Oracle patch release has also led to the release of an exploit that remains unpatched.
Meanwhile, he said, the Apple Flashback malware is now reportedly creating cash flow for the bad guys. Symantec estimates that with the size of the botnet, revenues could exceed $10,000 per day. He predicts more issues ahead.
"Another embarrassing Apple issue is the apparent release of a fix three months ago by Apple that left a debug option enabled in FileVault," Henry said. "This caused passwords to be saved in plain text in a log file outside of the encrypted area. Worse yet for those users that are using Time Machine for backups, their passwords may have been repeatedly stored in Time Machine unencrypted. Pending a patch from Apple, Lion users should immediately activate FileVault 2, which can be found in the Security & Privacy setting in System Preferences."
|
