Jump to content

13 security updates on the forthcoming Microsoft Patch Tuesday


nsane.forums

Recommended Posts

nsane.forums

The forthcoming round of updates is to be the first to include official security updates for Windows 7. Microsoft also plans to close the holes in the SMB2 implementation and an FTP hole under IIS5 and IIS6 which has been known for six weeks

view.gif View: Original Article

Link to comment
Share on other sites


  • Replies 1
  • Views 946
  • Created
  • Last Reply
  • Administrator

Microsoft to patch zero-day SMB, IIS holes

Microsoft on Thursday said it will provide a fix next week for zero-day flaws in Microsoft Server Message Block (SMB) and Internet Information Services (IIS) that could allow an attacker to take control of a computer.

Those are just two of the 34 vulnerabilities addressed in 13 bulletins (eight of which are critical and five of which are rated important) that will be fixed during Patch Tuesday, according to a blog post on the announcement. The bulletins affect Windows, Internet Explorer, Office, Silverlight, Forefront, Developer Tools, and SQL Server, the advisory shows.

The SMB flaw was reported a month ago. At the time, Microsoft said it affected Vista, Windows Server 2008, and the "release candidate" version of Windows 7, but not the final version that was completed in July. Windows Server 2008 R2 is not vulnerable, and neither are the earlier Windows XP and Windows 2000 operating systems.

Microsoft, which previously released a temporary fix for the SMB hole, reported the IIS flaw in the File Transfer Protocol in August. Its its advisory says there have been limited attacks that use the IIS flaw exploit code, which was posted on the Milw0rm Web site, according to IDG News Service.

Update 2:56 p.m. PDT: Also on Thursday, Adobe Systems announced that it will release an update Tuesday that will resolve a critical vulnerability in Adobe Reader and Acrobat 9.1.3 and earlier on Windows, Macintosh and Unix that has reportedly been exploited in the wild in limited targeted attacks.

"Adobe Reader and Acrobat 9.1.3 customers with DEP enabled on Windows Vista are protected from this exploit," Adobe said in an advisory. "Disabling JavaScript also mitigates against this specific exploit, although a variant that does not rely on JavaScript could be possible."

Source

Link to comment
Share on other sites


Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...