17 Bulletins Issued For December

Shavlik Technologies : 15 December, 2010  (Technical Article)
Jason Miller of Shavlik comments on Microsoft's patch release for December consisting of 17 bulletins
"Microsoft has released 17 new security bulletins addressing 40 vulnerabilities in the December 2010 edition of Patch Tuesday. This is yet another record-breaking month for the number of security bulletins released at one time, although only two of the bulletins are rated as critical.

The first bulletin that needs to be addressed is MS10-090. This bulletin addresses seven vulnerabilities in Internet Explorer. One of the vulnerabilities, as explained in Microsoft Security Advisory 2458511, is being actively exploited in the wild. Over the weekend, Microsoft saw an uptick in attacks against the vulnerability. These attacks are primarily being conducted against Internet Explorer users in China and Korea. With any security bulletin that is being actively attacked, it is critical that you deploy this to your network immediately.

The second bulletin that should be addressed immediately is MS10-091. This bulletin addresses an issue with the OpenType Font Driver. If a shared folder that contains a malicious OpenType font file is viewed, an attacker could run code in the Windows kernel. In order for a successful exploit, an attacker must convince a user to open a share that contains a malicious OpenType font file. If the folder has thumbnail view set, no user interaction is required for a successful exploit. If the folder has any other folder view set (such as detail), the user must open the malicious file to be exploited.

Five of the bulletins released today address a common issue, but each bulletin affects different components. All five bulletins (MS10-093, MS10-094, MS10-095, MS10-096, and MS10-097) address the Insecure Library Loading issue identified in August by Microsoft. This issue was detailed in Microsoft Security Advisory 2269637. At the time of the release of the advisory, Microsoft announced that patches would be coming for any affected products they found. It is not surprising these five bulletins were released. Products that are affected by this vulnerability are still being found by Microsoft.

If you have applied the workaround detailed in the Microsoft knowledge base article 2264107, machines on your network cannot be attacked by this vulnerability. It is still important though to apply any security patches vendors release.

This is the time of the year where maintenance windows may be tight due to the holidays, vacations and office closures. With 17 bulletins, take the time to thoroughly review each bulletin and identify which bulletins require your immediate attention."
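
For readers who want to confirm whether the KB 2264107 workaround mentioned above is in place on a machine, the following PowerShell audit is an added example, not part of the article and not Shavlik or Microsoft code. The registry value name `CWDIllegalInDllSearch`, its two locations and the value meanings come from KB 2264107 rather than from this article; the function names are hypothetical.

```powershell
# Added example: report the KB 2264107 DLL search-order setting on the local machine.
# Registry locations and value meanings follow KB 2264107 (not stated in the article).
$GlobalKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
$IfeoKey   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
$ValueName = 'CWDIllegalInDllSearch'

function Get-CwdSearchMeaning {
    param($Raw)   # value as returned by the registry provider, or $null when absent
    if ($null -eq $Raw) {
        return 'not set: default search order, current directory is searched'
    }
    # A REG_DWORD of 0xFFFFFFFF may come back as Int32 -1; normalise to 0..4294967295.
    $v = [int64]$Raw -band 4294967295
    switch ($v) {
        0          { 'default search order, current directory is searched' }
        1          { 'load from current directory blocked when it is a WebDAV folder' }
        2          { 'load from current directory blocked when it is a remote (UNC or WebDAV) folder' }
        4294967295 { 'current directory removed from the DLL search order' }
        default    { "unrecognised value $v" }
    }
}

function Get-CwdSearchSetting {
    param([string]$Path)
    # Returns the raw value, or $null when the value does not exist under $Path.
    $item = Get-ItemProperty -Path $Path -Name $ValueName -ErrorAction SilentlyContinue
    if ($item) { $item.$ValueName } else { $null }
}

# System-wide setting.
[pscustomobject]@{
    Scope   = 'System'
    Setting = Get-CwdSearchMeaning (Get-CwdSearchSetting $GlobalKey)
}

# Per-application overrides; only executables that carry the value are listed.
Get-ChildItem -Path $IfeoKey -ErrorAction SilentlyContinue | ForEach-Object {
    $raw = Get-CwdSearchSetting $_.PSPath
    if ($null -ne $raw) {
        [pscustomobject]@{
            Scope   = $_.PSChildName
            Setting = Get-CwdSearchMeaning $raw
        }
    }
}
```

A per-application entry overrides the system-wide value for that executable, so a machine that reports a restrictive system setting can still have individual programs set back to the default.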
   © 2012 ProSecurityZone.com