Security Advisor
Admins Busy on All Bug-Squashing Fronts in April
April is a month known for many things: the dawning of spring, Easter, Passover, April Fools' Day. In the IT security world, it'll be known as a month of flushing out what seemed like an historic number of vulnerabilities plaguing the products and services of some of the world's biggest tech companies. Let April be known as bug month.
The kicker is, the month's not over yet. Most of the vulnerabilities were either patched or disclosed within the last week alone.
Let's start with Redmond and its unprecedented rollout of 17 patches for 64 vulnerabilities. One patch, designed for vulnerabilities in the Windows Kernel Mode Driver, addressed 30 bugs by itself, something never seen before.
Next, Oracle this Tuesday released a "critical" update for 73 vulnerabilities. Granted, the high number of bugs is mainly because Oracle doesn't patch monthly, but if you're a Windows IT pro running an Oracle database or ERP system sitting on a Windows OS, you don't care about the patch cycle. What would concern you is that you're dealing with these as well as the ones from Redmond.
Apple ended last week with its release of security updates for iOS (iPhones, iPads and iPods), Safari and a cumulative patch for Mac OS X.
No, we're not done yet: Adobe patched a critical bug found in Flash Player for Windows, Macintosh, Linux, Solaris and Google's Android mobile OS.
This barrage of security updates may mean that as a Windows IT admin manager or staffer, you could have 50-plus bugs to patch across different operating systems, apps and system architectures from as many as three vendors. Happy Bug Month! And happy hunting.
Elevation of Privilege Still Haunts Windows 7
A new report from BeyondTrust suggests that the vast majority of security threats from Microsoft vulnerabilities can be mitigated if user rights are restricted to local rights.
The company also says that its findings demonstrate that "Windows 7 has not slowed the pace of vulnerabilities leveraging administrative access."
Among the key takeaways from the study, removing administrator rights at the non-essential user level would better protect enterprise environments against the exploitation of:
- Approximately 75 percent of "critical" Windows 7 vulnerabilities reported by Microsoft to date.
- Every single Microsoft Office application bug reported in 2010 and 64 percent of all Microsoft vulnerabilities reported in 2010.
Of course, like many reports by security software shops, there's a business development angle. BeyondTrust believes it has the answer to some of these access control issues for Windows users. The company announced its latest version of what it calls "privilege management" software for desktop PCs, which will include a suite of functions to improve the automation, creation and management of policy rules.
BeyondTrust suggests that this program, or other software like it, will help IT administrators streamline the process of who gets access to what in Windows processing environments.
Iranian General Blames Siemens for Stuxnet
Remember Stuxnet, the scourge of Windows systems from last year? So does one particular Iranian general, who this week blamed Siemens AG for creating the worm as part of a cyber espionage program backed by the U.S. and Israel.
Speaking to Iranian state media, General Gholam Reza Jalali cited Symantec and Langner Communications GmbH research suggesting that Stuxnet was designed to infiltrate Iran's nuclear enrichment program, burrow itself into the Iranian supervisory control and data acquisition (SCADA) system governing its plant operation and then force gas centrifuge motors to spin at what the Iranian official called unsafe speeds.
While the researchers' and general's claims are as yet unsubstantiated, perhaps the unintended consequence of a worm created for cyberwarfare is that one of the most sophisticated pieces of malware ever produced went on to affect Windows PCs that managed large-scale, industrial-quality control systems all over the world.
No matter what the origin of Stuxnet, the implications for IT security are clear, present and also very dangerous.
About the Author
Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.