Among the monthly bulletins it released this week, Microsoft announced a fix for a vulnerability so old that if it were a person it could vote and have a driver’s license. Interestingly, it is a very serious bug that could be exploited to take control of the user’s computer, yet there is no indication that it has ever been exploited.
The flaw was apparently introduced in Windows 95 and can be exploited remotely using VBScript, which was introduced in IE 3.0. Researchers from IBM’s X-Force security research and development unit reported the bug last May.
Another critical bug dealt with this month is a remote code execution vulnerability in the Microsoft Secure Channel (Schannel) security technology that enables SSL/TLS for Windows. There have been no known exploitations of this bug, but flaws in SSL/TLS have been a particular concern this year because of the Heartbleed flaw revealed in April and the disclosure of POODLE last month.
SSL/TLS is essential to e-Commerce and other financial transactions because it provides secured, encrypted communication. Such flaws, under certain circumstances, could allow hackers to intercept and read communications between a client (browser) and a server.
The Heartbleed flaw impacts users of OpenSSL on Apache servers. Remediation requires updating OpenSSL with the latest patches, then revoking and reobtaining your SSL certificates. To address the POODLE fault, disable SSL 3.0 on all servers and browsers.
Comodo antivirus for the desktop and the enterprise is the best solution for preventing such breaches, and Comodo Securebox will actually allow you to operate business as usual on an infected computer.