Security Patches and Service Packs from Microsoft and Others

April 9, 2009

A common problem for Microsoft business clients of Onsite Computer Services in New Orleans is failure to install security patches and service packs in a timely manner.

Increasingly, attackers are using common file formats as carriers for malware exploits. Most modern e-mail and instant messaging programs are configured to block the transmission of potentially dangerous files by extension. However, these programs typically permit the transmission of popular file formats such as Microsoft Office and Adobe Portable Document Format (.pdf). These formats are used legitimately by many people every day, so blocking them has been avoided. This has made them an attractive target for the creators of exploits.

The most frequently-exploited vulnerabilities in Microsoft Office software were also some of the oldest. 91.3 percent of attacks examined exploited a single vulnerability for which a security fix had been available for more than 2 years (CVE-2006-2492).  The most common locale for victims was US English, accounting for 32.5 percent of all incidents, followed by Chinese (Traditional) with 15.7 percent of incidents.
In most cases, the application versions attacked did not have up to date service packs applied.

For each version, the clear majority of the attacks affected the release to manufacturing (RTM) version of the application suite that had no service packs applied. In the case of Office 2000, for example, 100 percent of attacks affected the RTM version of the application suite, released in 1999, despite numerous service packs and other security updates having been released for the suite beginning in 2000.

Use of the PDF format as an avenue of attack rose very sharply in second half of 2008, with attacks in July amounting to more than twice as many as in all of the first half of 2008 combined, and continuing to double or almost double for most of the remaining months of the year.
Two vulnerabilities accounted for all of the attacks in the sample files examined (CVE-2008-2992 and CVE-2007-5659). Both vulnerabilities have security updates available from Adobe; neither of the vulnerabilities exists in current versions of affected Adobe products.

Onsite Computer advises the timely application of security patches and service packs to all PCs in an effort to eliminate frequently exploited vulnerabilities in software like Microsoft Office and Adobe Reader.

If you’re searching for New Orleans computer service or repair of your Microsoft based system or network, then call the Microsoft specialists at 504-469-6991. Onsite Computer Services, Inc. in New Orleans

You may also be interested in Onsite Computer’s Blog.

This New Orleans On-Site Computer Service post was provided by Eli Lucas. Eli can be reached at eli@onsitenola.com. Onsite Computer serves the Microsoft computing needs of small businesses throughout the Greater New Orleans area including Uptown, Lakeview, Broadmoor, Mid-City, Metairie, Jefferson, Kenner, Westbank, French Quarter, and the Warehouse District. Please visit our website for New Orleans Computer Service.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: