A patchy understanding of security investment
Another day and another Microsoft patch or two ... The need to install more fixes should be no surprise to the majority of corporations, but oddly most vulnerabilities still go unchecked, leaving many organizations open to attack.
The most recent Microsoft security patches, MS03-026 and MS03-027, have been designated as ‘critical’ and ‘important’ respectively. The critical one, MS03-026, can cause some nasty damage if left untouched, leaving a buffer overrun that can allow hackers to execute code, install programs, create new accounts and more - all with local system privileges. The MS03-027 patch remedies an ‘unchecked buffer’ found only in Windows XP, which could allow attackers to compromise the system and enable their own code to run.
[ Read more ]