Read more of this story at Slashdot.
Feeds
34730 items (30217 unread) in 5 feeds
OpenSource
(5766 unread)
-
SourceForge.net: Front page news
(802 unread)
-
Slashdot: IT (4964 unread)
Security
(11367 unread)
-
Digg / Security (11367 unread)
Linux
(13084 unread)
-
-
Slashdot: Linux (1660 unread)
Slashdot: IT
-
Security Firm Reveals Microsoft's "Silent" Patches
Posted: May 6th, 2010, 9:23pm CEST by timothy
Tags: security
CWmike writes "Microsoft silently patched three vulnerabilities last month, two of them affecting enterprise mission-critical Exchange mail servers, without calling out the bugs in the accompanying advisories, a security expert said on Thursday. Two of the three unannounced vulnerabilities, and the most serious of the trio, were packaged with MS10-024, an update to Exchange and Windows SMTP Service that Microsoft issued April 13 and tagged as 'important,' its second-highest threat ranking. Ivan Arce, CTO of Core Security Technologies, said Microsoft patched the bugs, but failed to disclose that it had done so — which could pose a problem. 'They're more important than the [two vulnerabilities] that Microsoft did disclose,' said Arce. 'That means [system] administrators may end up making the wrong decisions about applying the update. They need that information to assess the risk.'"