Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec

Lumension Comments On The Impact Of Microsoft's June Patch Tuesday

Lumension Security : 10 June, 2010  (Technical Article)
Three critical updates count among the patches released by Microsoft which cover a wide variety of the company's products and operating systems prompting Lumension's advice for IT Administrators to set a high priority on protecting their networks from the associated vulnerabilities
It's been a heavy week of patches from Microsoft this week, as the company warned users on Tuesday that they have released ten security bulletins -- three of which are critical, seven are rated important and all of which include an explicit or possible restart warning.

Alan Bentley, VP international for Lumension comments: "The impact of this week's update will be felt enterprise-wide, as the bulletins cover a large portion of Microsoft's range of operating systems, infrastructure products, and Office products - so it is strongly recommended that IT administrators investigate and prioritise this patch load as soon as possible.

Some highlights of the announcement from Microsoft include:

Three critical updates - all were ranked at the top of the exploitability rankings and were identified by Microsoft as top distribution priorities for customers

- MS10-033 - This update eliminates multiple low-level media management vulnerabilities that enable "drive-by exploits" where viewing a media element in a webpage or an email is all that is required to be attacked. This update is required for all platforms and should be considered the top priority in this group of patches.

- MS10-034 - A cumulative update of Active X kill bits that addresses two Microsoft controls as well as four other controls from 3rd party ISVs.

- MS10-35 - A cumulative update for Internet Explorer that addresses six different vulnerabilities. Microsoft reports that only one of the vulnerabilities was publically known and they are unaware of any active exploits for these vulnerabilities.

Two Security Advisories are being closed off by updates coming out today:

- SA #983438 - identified an elevation of privilege vulnerability in Microsoft Sharepoint
- SA #980088 - covered a information-disclosure vulnerability in Internet Explorer

Two updates for Microsoft Office, both rated as "Medium" severity, are also rated high on the exploitability scale and have remote-code-execution vulnerabilities, so organisations should definitely pay close attention to these updates as well. They are: MS10-036 and MS10-038.

Also of note, recent news from Kaspersky Labs reported that Adobe was the number one target for hackers in Q1 2010. The report details that Adobe products were the target of nearly half of all detected exploits. Additionally, last week Adobe acknowledged vulnerabilities in Flash, Reader, and Acrobat that reportedly have exploits circulating in the wild. A patch for Flash Player 10.x for Windows, Macintosh, and Linux is expected by June 10, 2010 with a patch for Reader and Acrobat following on or about June 29, 2010. We would encourage IT administrators to carefully track these upcoming updates from Adobe along with today's releases from Microsoft."
Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo