Microsoft, RIM, Oracle release critical patches

Microsoft kept things to a minimum with its first set of security updates for 2009, but corporate system administrators who were expecting a quiet week got something else altogether, thanks to Oracle and Research In Motion.

Oracle is expected to release its quarterly Critical Patch Update Tuesday, which will include 41 security patches in its database and enterprise software products.

On Monday, RIM released an “interim” patch for its BlackBerry Enterprise Server and BlackBerry Professional Software, fixing a critical flaw in the way those servers process PDF documents.

Microsoft’s update is important, too. It fixes three bugs in the Windows Server Message Block (SMB) file and print service. “An attacker who successfully exploited these vulnerabilities could install programs; view, change, or delete data; or create new accounts with full user rights,” Microsoft said in its Security Bulletin explaining the problem.

The update is rated critical for Windows 2000 , XP and Windows Server 2003, but moderate for Vista and Windows Server 2008.

Because of the nature of these flaws, Microsoft doesn’t think that it’s likely that attackers will be able to write attacks that let them install unauthorized software on a victim’s machine, but one hacker has already released code that he says can be used to make an unpatched Vista system crash. That’s known as a Denial of Service (DoS) attack.

In a Tuesday blog posting explaining the risks of an attack, Microsoft said that corporate users should patch “SMB servers and Domain Controllers immediately since a system DoS would have a high impact.”

Although there will be a lot of new enterprise patches by day’s end, Qualys Chief Technology Officer Wolfgang Kandek said he expected that most users would start with the Microsoft fix and take much more time to test the Oracle and BlackBerry updates. “People have high value systems running on this, so they’re very leery to disrupt their operations,” he said.

ITWorld Canada Security Resources:

Assessment is the key to plugging security holes

Mainframes offer a traditional approach to new IT security challenges

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now