Patches – and plenty of them – took center stage this week
as two big software companies shipped substantial updates. Some alarming news
also broke regarding the growing number of botnets operating out of the U.S. Read on for the full week in review.
Microsoft’s
band of patches, pushed Tuesday, sent out 16 updates, fixing 49 vulnerabilities.
Among those addressed: Flaws in Internet Explorer on XP through Windows 7 alongside
tweaks for SharePoint and Microsoft’s.NET Framework. Additionally, MS010-073, a
hole in win32k.sy that was previously
exploited by the relentless Stuxnet was patched.
In addition to patches, Microsoft
released a new tool this week – the SDL Regex Fuzzer – in hopes of
identifying bad code that could expose programs to harm. Limiting attacks that
guzzle up memory and more importantly, money, are the focus of this new fuzzer,
now available in the company’s Download Center.
And, if your IT staff didn’t have its hands full with
Microsoft’s patch storm, software giant Oracle decided to pile on top: issuing
updates for its Java software on Tuesday, including fixes for 29 bugs, some
which allowed attackers to remotely control infected machines, were fixed in
Java SE and Java for Business.
On the subject of threats and attacks, we had some sobering
stats were released about botnets on Wednesday. According to a report put
out by Microsoft, the U.S. is now the home of more bot-infected computers than
any other country, nearly four times as many as Brazil. This, despite the
publicized takedown of two prominent botnets in recent months: Pushdo
and Waledac.
There was a 100% increase from 2009
between January and June, when Microsoft cleaned 6.5 million computers. While
some of these massive botnets may be waning, the number of infected computers
continues to rise.
With mobile phone security becoming a new battlefield for
malware, some companies are stepping up their game. Early HTC G2 adopters can
attest after discovering
last week their rooted phones had reverted to their original settings
following a restart. It remains to be seen if HTC’s actions will become a new
trend but Dennis
took the point on Thursday, detailing the wants vs. needs of each side.
Of course, it wouldn’t be a week in security these days if
there wasn’t news on Stuxnet. Earlier
this week, the European Network and Information Security Agency warned the
European Union about the complications of the virus. Citing its
sophistication, ENISA called the buzzed worm a “paradigm shift,” alerting it
could be a sign of malware to come.
What’d you find interesting this week? Do you agree with
ENISA, will Stuxnet change the tides of security? What about smart phone
technology? Will more cell phone manufacturers modify their phones to prevent
attacks?