HEAT Security Blog

Light Patch Load from Microsoft This Month – But More than Enough Work to Go Around

This Patch Tuesday wasn’t very large, but it was serious. Two of the patches we saw were in Windows, and the third in Office. All three patches address vulnerabilities that allow remote code execution, which is top of mind for IT flaw remediation specialists.

If you’re using the Remote Desktop Client, MS11-017 should be your top priority, followed by MS11-015 and finally MS11-016. Those not using Remote Desktop Client but regularly sending or receiving large media files should focus on MS11-015 first.

Microsoft may have cleaned up a lot of loose ends with the release of Windows 7 and Windows Server 2008 R2 Service Pack 1 last month, leaving little to address this Patch Tuesday. That being said, the patches released today did not address the recently disclosed MHTML issues and we expect a resolution in April’s patch release.

Other notable activity this Patch Tuesday period was the Google Android Kill-Switch patch that remotely removed 58 malicious applications from 260,000 Android phones.

Since the release of the iPhone, Apple has taken a lot of heat from the user community over its decision to effectively whitelist and explicitly control which applications are permitted to run on the iPhone. Many ran to Android as an alternative because of its more open stance on applications, where anyone can write an Android application and place it in the Android Market.

The wake-up call came for Android owners a little more than a week ago, when over 50 malicious applications were found uploaded and distributed in the Google Android Market. Google removed them a few days later, but not before an estimated 260,000 people downloaded the affected applications. This event effectively illustrates the difference between the whitelist approach employed by Apple and the inherently reactive blacklist model Google uses.

This is a classic case of the blacklist model in contrast to the whitelist model. Apple chose to deploy its product with explicit control over which applications may run, and Google chose to blacklist.

It will be interesting to see how this increasingly mobile landscape continues to evolve and how the bad guys evolve in their ability to exploit it.