Posted By: ITWiser Webmaster - Yorkshire's IT Specialists
Posted By: Designers Wysi
Don't Rely On Patch Tuesday to Protect You from Zero-Day Exploits
On the second Tuesday of every month, Microsoft rolls into town on its Patch Tuesday tour, releasing regular security patches to ensure our systems are protected. Of course, most of us would rather Patch Tuesday was not an event at all, much preferring that any security exploits were fixed as soon as they were discovered, instead of once a month on the second day of the week. However, it is good to know that Microsoft is doing something to look after its users.
This month’s Patch Tuesday saw the Redmond-based company release ten new security bulletins, fixing 33 vulnerabilities, two of which were marked critical and eight as important.
The two critical updates are naturally those that will get the most attention, and are both related to Internet Explorer. According to The Register, one of these patches (MS13-037) fixes use-after-free vulnerabilities and information leaks in versions 6 to 10 of the Microsoft web browser, while the other (MS13-038) tackles the zero-day remote-code-execution in version 8 of Internet Explorer, which was exploited by a malicious code and affected the US Department of Labor website. The zero-day was publically disclosed on May 3rd and is also present in IE 9, although, Microsoft has said that no known attack vendors exist.
The eight patches that are categorised as important relate to a range of Microsoft technologies and products including Word, Publisher, Lync, Visio, .NET framework and the Windows kernel.
Also getting in on the Patch Tuesday act this month were Adobe and Mozilla. The former publishing updates for three of its products: ColdFusion, Reader and Acrobat, and Flash, while the latter rolled out Firefox 21.0, fixing eight security issues and carried out maintenance to its Thunderbird email client.
Make sure you are secured
The fact that Microsoft has been fairly quick to respond to IT security issues is a relief and shows that they are striving to actively protect those that rely on the company’s software. However, the fact that they are currently releasing critical patches every month is a major worry and one that needs to be addressed, not only by Microsoft, but also by the individual user.
Zero-day exploits being fixed 11 days later is not a great help to those that are affected (in this case the US Department of Labor), which is why Cloud Web Security is essential.
With tablets now being used alongside laptops and desktops in offices, Cloud Web Security is a cost-effective method of ensuring all devices are protected from zero-day threats. Cloud security is able to safeguard against viruses and allow moderators to configure polices that prevent employees from visiting malicious and dangerous websites.
Patch Tuesday is a good thing, but you should not rely on the second Tuesday of each month for system protection. Contact ITWiser today to find out more about our Cloud Web Security service.