|
| Register for our Free Newsletters |
|
 |
|
|
|
|
|
|
|
|
| Other Carouselweb publications |
|
|
|
|
|
|
|
|
|
|
| |
|
|
|
|
|
Critical Vulnerabilities Require Fast Patching
|
|
Symantec
: 14 October, 2010 (Technical Article) |
|
|
Symantec comments on the latest Microsoft patch update that addresses the most vulnerabilities ever recorded in a single month |
|
|
Today, Microsoft issued a record 16 security bulletins which address 49 vulnerabilities, five of which Microsoft has rated as critical.
"Microsoft has broken several of its own Patch Tuesday records this year, but this month far surpasses them all," said Joshua Talbot, security intelligence manager, Symantec Security Response. "Perhaps most notable this month is the number of vulnerabilities that facilitate remote code execution. By our count, 35 of the issues fall into this category. These are bugs that could allow an attacker to run any command they wish on vulnerable machines."
"One of the two remaining Stuxnet-related zero day vulnerabilities was also fixed today," Talbot added. "Stuxnet uses the Win32 Keyboard Layout Vulnerability to gain administrator privileges on infected computer systems. This functionality ensures that none of the threat's malicious actions get blocked on targeted systems due to lack of permission."
"The vulnerability addressed in the Embedded OpenType Font Engine is perhaps the most likely to be widely exploited," Talbot concluded. "Similar vulnerabilities have seen extensive exploitation in the past. Since this particular issue affects so many Windows operating systems and can be exploited via Web browser, it's likely to get the immediate attention of attackers."
Symantec strongly encourages users to patch their systems against all vulnerabilities addressed this month.
Please visit the Symantec Security Response blog for more information and also let me know if you're interested in speaking with a Symantec expert in greater detail about any of the vulnerabilities addressed this month.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
