Patch Tuesday for Microsoft
Microsoft’s June Security Advance Notification
Microsoft is planning to release ten bulletins addressing 34 vulnerabilities on Tuesday, June 8th. The bulletins are rated as follows: 3 “Critical” and 7 “Important”. The affected software includes: Windows, Microsoft Office, and Internet Explorer. Additionally, Microsoft plans to address the issues highlighted in Security Advisories 983438 and 980088. We encourage our customers to review the vendor’s Advance Notification and associated blog post.
http://www.microsoft.com/technet/security/bulletin/ms10-jun.mspx
http://blogs.technet.com/b/msrc/archive/2010/06/03/june-2010-security-bulletin-advance-notification.aspx
Mobile Malware
Reports have surfaced this week indicating that Samsung’s S8500 Wave handsets were shipped with a malware-infected microSD card. Reportedly, some German models of this device are affected. Once the device is connected to the computer, it automatically installs a Trojan using a file called “slmvsrv.exe.”
While this is an example of a mobile device being shipped with malware, there are ways that attackers can utilize different functionality to distribute their malware. For instance, the Multimedia Message Service (MMS) can be used as a vector for sending malware to unsuspecting victims. Many mobile phones and PDAs available today are capable of communicating via Bluetooth, a protocol designed for short range communication between electronic devices. Simple social engineering attacks have effectively convinced Bluetooth users to pair their devices with complete strangers, giving them unrestricted access to data on the victim’s phone. Additionally, many modern mobile phones and PDAs now run robust, feature-rich operating systems and offer the same or similar applications as PCs. Individuals increasingly use them to store personal data and conduct financial transactions which gives attackers more incentive to find and exploit vulnerabilities in the software.
Several major security vendors now provide security applications and anti-virus software for mobile users. Cellular service providers also offer some protection to their customers automatically by scanning for specific types of malicious code as data traverses the network. Bluetooth should be disabled while not in use and should never respond to unsolicited connection attempts. Although the level of mobile attacks is currently relatively low, it is still important for organizations to be aware of the potential threat.
http://www.engadget.com/2010/06/02/samsung-wave-shipping-with-infected-microsd-card/
http://www.f-secure.com/weblog/archives/00001959.html
In: Security · Tagged with: microsoft, Patches, Security, Vulnerabilities