Phishing and other cyberattacks could leverage the recently patched vulnerabilities

Jun 12, 2013 09:07 GMT  ·  By
Users and organizations are advised to apply June 2013 patches as soon as possible
   Users and organizations are advised to apply June 2013 patches as soon as possible

Microsoft has released five security bulletins as part of its June 2013 Patch Tuesday. Experts advise users and organizations (especially organizations) to apply the patches as soon as possible to protect their networks against cyberattacks.

“Some users may take this few bulletins lightly and delay updating their systems with these fixes. However, now is not the right time to be lax security-wise (there’s actually no ‘right’ time to be lax when it comes to security),” Trend Micro’s Gelo Abendan noted.

Abendan highlights the fact that Anonymous’ OpPetrol is about to be launched soon and organizations from all over the world are targeted.

“Such attacks usually exploit vulnerabilities to penetrate their targets’ networks, usually to get more information which they can use to further harm their victims,” the expert said.

“Every little vulnerability can be taken against you, thus it is important to guard your systems from attacks.”

GFI Software has also issued guidance to organizations. The company highlights the fact that the Internet Explorer vulnerability patched by Microsoft can be exploited for phishing attacks.

According to experts, such attacks can cause severe IT disruptions for a company, as well as risk of financial and reputation loss.

“Phishing attacks look to exploit software vulnerabilities, whether it is a Microsoft or third-party application, and it is therefore important to deploy all critical patches for any affected software,” said Cristian Florian, product manager at GFI Software.

“Loopholes in software that expose organisations to phishing attacks can be tricky to manage due to the vast array of applications and in particular multiple web browsers now in everyday use. Putting a patch management policy in place and a means to test patches allows organisations to see how a patch will affect applications and systems without compromising live desktops and servers,” Florian added.

“However, with every update there is a chance that things can go wrong, and it is important that businesses ensure their Patch Tuesday doesn’t turn into a Crash Wednesday once all patches have been deployed and employees restart their machines.”

On the other hand, Florian notes that organizations should not deploy patches without testing their impact first, especially when it comes to server side updates.