Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor

34 vulnerabilities plugged in Microsoft's latest patch update

Symantec : 15 October, 2009  (Technical Article)
Symantec provides details of the bumper Microsoft patch update for October containing a record 13 bulletins
Tuesday was the biggest Patch Tuesday ever as Microsoft released 13 security bulletins which address 34 vulnerabilities, 22 of which are rated critical. This is the highest number of vulnerabilities addressed in a single month by Microsoft. The previous record being 31, set in June of this year.

Included in this month's release are patches for two vulnerabilities previously made public—one in Server Message Block Version 2 (SMBv2) and another in Internet Information Services.

"We're pleased that Microsoft released a patch for the SMBv2 vulnerability today," said Ben Greenbaum, senior research manager, Symantec Security Response. "The vulnerability was made public last month. We've yet to see a highly reliable exploit for it. Although we have seen limited attempts to exploit this vulnerability, we're glad to see this fixed before widespread attacks occur."

Microsoft also released the first ever security update for the release-to-manufacturing version of Windows 7.

"The update that addresses vulnerabilities in Windows 7 relates to the Active Template Library issues Microsoft has been working on for a number of months now," Greenbaum added. "It essentially disables additional faulty ActiveX controls created using the library that have been distributed across Windows users' machines."

The vulnerabilities addressed in Internet Explorer and the GDI+ graphics library are serious as well. The GDI+ graphics library is what Windows uses to determine how to interact with certain graphics files that users encounter during everyday computer use.

"The primary danger the GDI+ graphics library and Internet Explorer vulnerabilities pose is that these vulnerable components are present on the majority of Windows machines," Greenbaum said. "Many of the issues addressed today are fairly trivial to exploit. For example, via a drive-by-download style attack. In that case, all a computer user would have to do to become infected by an attack using one of these vulnerabilities is unsuspectingly visit a compromised Web site."

Symantec strongly encourages users to patch their systems against these vulnerabilities and advises customers to follow these security best practices:

- Install vendor patches as soon as they are available
- consider implementing an automated patch management solution to help mitigate risk
- Run all software with the least privileges required while still maintaining functionality
- Avoid handling files from unknown or questionable sources
- Never visit sites of unknown or questionable integrity
- Block external access at the network perimeter to all key systems unless specific access is required

Please visit the Symantec Security Response Weblog for more information and let me know if you are interested in speaking with a Symantec expert about any of these security vulnerabilities.

Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo