Soft sailing in September patch run

Powered by SC Magazine
 

But crypto upgrade may make for a rough October.

Microsoft will release two easy Patch Tuesday bulletins rated 'important' to address four issues in Visual Studio Team Foundation Server and System Center Configuration Manager and address privilege elevation flaws.

"The first patch, rated important, will apply to Visual FoxPro, which is a set of tools used to create and manage high-performance, 32-bit database applications and components," Trustwave SpiderLabs security research director Ziv Madorat said.

“The second patch, also rated important, will apply to System Center Configuration Manager, which helps manage physical, virtual and mobile clients with things like application delivery, desktop virtualisation and security.”

nCircle security operations director Andrew Storms said September patch run will be a "very light month".

"IT security teams shouldn't be lulled into a false sense of security though, they should use this time to get caught up applying existing patches and to change or replace cryptographic key lengths on the certificates used for older Microsoft systems.”

Some administrators will be sent scrambling next month to update cryptographic keys for Public Key Infrastructure in line with Redmond's move to increase key length to at least 1024 bits for Windows platforms dating back to XP. 

The security boost was flagged last year and will block programs from interacting with systems that use keys shorter than 1024 bits. Internet Explorer, for example, will not be able to access secure sites that use certificates with short keys.

Angela Gunn from Microsoft's Trustworthy Computing flagged a series of errors which adminstrators of legacy architecture may experience.

  • Error messages when browsing to web sites that have SSL certificates with keys that are less than 1024 bits
  • Problems enrolling for certificates when a certificate request attempts to utilize a key that is less than 1024 bits
  • Difficulties creating or consuming email (S/MIME) messages that utilize less than 1024 bit keys for signatures or encryption
  • Difficulties installing Active X controls that were signed with less than 1024 bit signatures
  • Difficulties installing applications that were signed with less than 1024 bit signatures (unless they were signed prior to Jan. 1, 2010, which will not be blocked by default)

With Darren Pauli.

Copyright © SC Magazine, UK edition


Soft sailing in September patch run
 
 
 
Top Stories
ANZ looks to life beyond the transaction
If digital disruptors think an online payments startup could rock the big four, they’ve missed the point of why people use banks, says Patrick Maes.
 
What InfoSec can learn from the insurance industry
[Blog post] Another way data breach laws could help manage risk.
 
A ten-point plan for disrupting security
[Blog post] How can you defend the perimeter when it’s in the cloud?
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest articles on BIT Latest Articles from BIT
Pass on carbon tax savings, warns ACCC
Jul 24, 2014
The ACCC is warning businesses that supply "regulated goods" to pass on any cost savings ...
Have customers that won't pay debts?
Jul 10, 2014
The ACCC and ASIC have updated their advice when it comes to collecting debts.
Carpet cleaner faces court over online testimonials
Jul 4, 2014
The ACCC has initiated proceedings against A Whistle (1979) Pty Ltd, the franchisor of Electrodry...
You can now get 15GB of free online storage using Microsoft OneDrive
Jun 25, 2014
Cloud storage has reached both the capacity and price where it's a viable alternative to local ...
Another clever trick you can perform with Xero
Jun 25, 2014
Here is another way to reach out to particular subsets of your customers using Xero.
Latest Comments
Polls
What is delaying adoption of public cloud in your organisation?







   |   View results
Lock-in concerns
  29%
 
Application integration concerns
  3%
 
Security and compliance concerns
  27%
 
Unreliable network infrastructure
  9%
 
Data sovereignty concerns
  21%
 
Lack of stakeholder support
  3%
 
Protecting on-premise IT jobs
  4%
 
Difficulty transitioning CapEx budget into OpEx
  3%
TOTAL VOTES: 1044

Vote