
Microsoft delivers 40 fixes on Patch Tuesday


nsane.forums


Microsoft on Tuesday delivered a beefy set of patches addressing 40 vulnerabilities across Windows, Office, Internet Explorer, SharePoint Server and Exchange.

Of the bunch, two bulletins were rated critical and 14 were important.

As expected, MS10-090 was the biggest bulletin. This one addressed a bevy of IE problems affecting IE 6, 7 and 8.

By McAfee's count, Microsoft has rounded out the year with 106 security bulletins, the highest number in history. That tally is also a big jump over the 74 security bulletins released in 2009. Microsoft patched 266 vulnerabilities this year.

Microsoft said in its blog post that it also patched three vulnerabilities in Windows OpenType Font driver. There are no reported attacks on the font driver.

Microsoft also said it addressed the last known vulnerability exploited by the Stuxnet malware. The Stuxnet patch isn't deemed critical.

Here's an abbreviated version of Microsoft's deployment priority chart.


Patch Tuesday update includes 17 bulletins

Microsoft has posted its final scheduled security update for 2010.

The company said that the December 'Patch Tuesday' release would include 17 bulletins which address a total of 40 different security vulnerabilities.

The bulletins include fixes for vulnerabilities in Windows, Internet Explorer, Office, SharePoint and Exchange.

Of the 17 flaws, just two were rated as critical and listed by Microsoft as top deployment priorities.

The two critical bulletins addressed remote code execution vulnerabilities in Internet Explorer and the Windows OpenType Font driver component. If targeted, the flaws could allow an attacker to install and execute arbitrary code without user interaction or notification.

All but one of the remaining bulletins address issues which Microsoft has rated as "important," the third of its four alert levels. Those fixes include remote code execution and privilege escalation vulnerabilities in Windows, Office and SharePoint.

The final bulletin addresses a flaw which could allow an attacker to perform a denial of service attack on a Microsoft Exchange Server system by way of a specially-crafted network message.

The company has classified the flaw as a 'moderate' security risk and recommends that users carefully configure their firewall settings to help prevent server attacks.

December's update adds to a growing list of recent security releases. Google, Mozilla and Real Networks recently put out patches of their own.

For McAfee Labs director of security research and communications Dave Marcus, the update is part of a growing tide of major security updates presented to administrators.

"It seems the majority of Patch Tuesdays are bringing record numbers of updates, and other applications from Adobe, Oracle have increasing numbers as well," said Marcus.

"The threat landscape is clearly broadening, and if organizations wait to patch, it gives cybercriminals an opportunity to exploit data."



Archived

This topic is now archived and is closed to further replies.
