|
| Register for our Free Newsletters |
|
 |
|
|
|
|
|
|
|
|
| Other Carouselweb publications |
|
|
|
|
|
|
|
|
|
|
| |
|
|
|
|
|
Symantec Comments On Microsoft Patch Release For June
|
|
Symantec
: 10 June, 2010 (Technical Article) |
|
|
With a serious Windows kernel vulnerability among the bulletins released by Microsoft this week, Symantec is recommending that system administrators don't delay in applying the patches |
|
Microsoft has issued 10 security bulletins which address 34 vulnerabilities, six of which the company has rated as critical.
"The most serious is the Windows kernel TrueType font parsing vulnerability," said Joshua Talbot, security intelligence manager, Symantec Security Response. "Exploiting this—likely through a drive-by download attack—would give an attacker near system-level privileges. It's doubtful that attackers would compromise a legitimate site to exploit this vulnerability, so users should be extra cautious of social engineering tricks coaxing them to visit unfamiliar Web pages, which could contain a malicious font."
"Two of the Internet Explorer memory corruption vulnerabilities—CVE-2010-1259 and CVE-2010-1262—are also noteworthy," Talbot added. "There were multiple exploits for at least one very similar vulnerability late last year. This will likely make these newly addressed issues trivial to exploit. It's likely an attacker would only have to slightly modify the existing exploits to take advantage of these new vulnerabilities. "
"This is the largest Microsoft patch release of 2010 and ties the record for the most vulnerabilities ever addressed in a single month; a record set in October of last year," Talbot concluded. "This month's release also features the largest ever single bulletin, with 14 vulnerabilities in Excel being addressed together."
Symantec strongly encourages users to patch their systems against all vulnerabilities addressed this month.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
