Patch time for Symantec and Microsoft

Symantec and Microsoft have issued new patches for vulnerabilities, which both claim are no big deal.

Symantec has issued a patch for a vulnerability in its corporate anti-virus software that could allow an unauthorised person to access a company's servers.

The flaw, in Version 9 of its Anti Virus Corporate Edition product, exposes the server log-in name and password used by the administrator who authorises updates to the software. Symantec said it was unaware of any users that had been affected by the vulnerability, which it rated medium risk.

Meanwhile, Microsoft alerted users to a problem in Windows Firewall that could be exploited by attackers as part of a broader system infection. The flaw is in the way Windows Firewall displays exception entries created by administrators to allow incoming network connections. If an exception is created in the registry, it will not be displayed in the Windows Firewall user interface, meaning users might not be able to spot the exception entry.

Microsoft suggested such registry entries would rarely be created under ordinary circumstances, but could be used by an attacker who has already compromised the system to create malformed registry entries with the intention of confusing a user.

Sometimes it is all to do with degrees. A security “hole” can become a “vulnerability” or just a “flaw”, depending on who is describing it. Eventually, someone will no doubt magically transform “insecure” into “locktight”.
