Microsoft fixes over 50 serious security flaws

Make sure your systems are patched as


We see updates and patches delivered to our systems on a regular basis, for us to apply when convenient. The problem is that it is sometimes quicker and easier not to apply them. Microsoft issue updates for a reason. Failing to apply these when issued can lead to vulnerabilities being exploited and systems compromised.

Last week we saw a patch which addressed security holes in Outlook. The hole allows an attacker to run malicious code. Code may be delivered by opening an attachment or visiting a web page. Even viewing an email in a preview pane will be sufficient. Turn off preview panes.

Microsoft have issued their detail on how the hole may be exploited:

Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Outlook software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.

More information on the specific patch: MS10-064, Vulnerability in Microsoft Office Outlook could allow remote code execution.

Microsoft apply levels of importance to updates and patches. A language update may be assigned a non-critical status; this one, however, was assigned as critical. Critical updates must be applied.

With the coming of GDPR (General Data Protection Regulation) it will be our responsibility to make sure systems are secure. It will become a requirement we apply updates and maintain an audit of updates.

A solution

For small and medium-sized businesses, the process of patching and maintaining an audit of systems may become distracting. The better course of action is to delegate this to a Managed Service Provider.

Computer Network Services Ltd, located in Huntingdon, Cambridgeshire, provides a monitored service to ensure all systems are updated. A report generated on a convenient schedule can be sent to a delegated officer within your business. This will create and satisfy the audit requirements of GDPR.

Why not give us a call today on 01480 414143 or get in touch to arrange a consultation.
