Microsoft works to patch 26 bugs, warns of future attacks
SUBNET Solutions Inc | Wednesday, June 13, 2012
Microsoft announced on June 13 that on Tuesday it patched 26 vulnerabilities, warned customers that a new zero-day attack was possible and stated that it had contained another bug that was supported by the data-gathering Duqu worm.
According to Computerworld, the software giant said one of the vulnerabilities in Internet Explorer had already been exploited. Of the seven security updates distributed on the company's Patch Tuesday, three were deemed "critical," the company's highest ranking of threat. Four others were rated "important," the next highest class of risk.
Of the 27 bugs, only one came as a surprise to Microsoft, the company said. The vulnerabilities included 10 critical, 14 important and two "moderate" threats. Experts said MS12-037 was the most highly valued patch, as it addressed 13 bugs that affected all versions of Internet Explorer, including the version of the web browser found on the Windows 8 Consumer Preview.
"It's always important to get an IE update deployed," said Jason Miller, manager of research and development at VMware, noting the browser's widespread use in business, and in turn the huge number of potential victims.
Microsoft stated that one of the vulnerabilities had already been used by hackers, and that applying the patch was urgent.
"Microsoft is aware of limited attacks attempting to exploit the vulnerability," the company said in a release, giving no more information on the state of the exploits.
According to ZDNet, BeyondTrust CTO Marc Maiffret said the the Internet Explorer issues were the most pressing of the bunch.
"Given the value of Remote Code Execution on RDP there will surely be a lot of folks trying to weaponize that vulnerability," he said. "Only time will tell if people are successful with this RDP flaw where they were not with the one in March."
With more utilities adopting smart grid technologies, their critical infrastructure has become susceptible to such attacks. However, utilities that use Windows operating systems benefit from the regularly updates and patchwork issued by Microsoft, which address the most immediate concerns for its customers. This, compared to a reactive approach to cyber security, ensures vulnerabilities are dealt with in a timely manner, lowering the chances they could lead to cyber attacks.
SUBNET, a Microsoft Certified Gold Partner, runs the software in many of its products, providing utilities with the cyber security promised by the international computing giant.
Substation Cyber Security