Media releases are provided as is by companies and have not been edited or checked for accuracy. Any queries should be directed to the company itself.

October 2009 MS Patch Tuesday Voice of Reason:

  • 14 October, 2009 11:57

This month, Microsoft issued 13 security bulletins which address 34 vulnerabilities, 22 of which are rated as critical. This is the highest number of vulnerabilities addressed in a single month by Microsoft. The previous record was 31, set in June of this year.

Included in this month’s release are patches for two vulnerabilities previously made public—one in Server Message Block Version 2 (SMBv2) and another in Internet Information Services.

“We’re pleased that Microsoft released a patch for the SMBv2 vulnerability today,” said Ben Greenbaum, senior research manager, Symantec Security Response. “The vulnerability was made public last month. We’ve yet to see a highly reliable exploit for it. Although we have seen limited attempts to exploit this vulnerability, we’re glad to see this fixed before widespread attacks occur.”

Microsoft also released the first ever security update for the release-to-manufacturing version of Windows 7.

“The update that addresses vulnerabilities in Windows 7 relates to the Active Template Library issues Microsoft has been working on for a number of months now,” Greenbaum added. “It essentially disables additional faulty ActiveX controls created using the library that have been distributed across Windows users’ machines.”

The vulnerabilities addressed in Internet Explorer and the GDI+ graphics library are quite serious as well. The GDI+ graphics library is what Windows uses to determine how to interact with certain graphics files that users encounter during everyday computer use.

“The primary danger the GDI+ graphics library and Internet Explorer vulnerabilities pose is that these vulnerable components are present on the majority of Windows machines,” Greenbaum said. “Many of the issues addressed today are fairly trivial to exploit. For example, via a drive-by-download style attack. In that case, all a computer user would have to do to become infected by an attack using one of these vulnerabilities is unsuspectingly visit a compromised Web site.”

Symantec strongly encourages users to patch their systems against these vulnerabilities. In addition, enterprises are encouraged to consider implementing an automated patch management solution to help mitigate risk.

Please visit the Symantec Security Response Weblog for more information and let me know if you are interested in speaking with a Symantec expert about any of these security vulnerabilities.

The Symantec Security Response blog can be viewed here:
Additional information on Microsoft’s security bulletins can be found here:

Press Contacts:

Jasmin Athwal
Max Australia
+61 2 9954 3492

Debbie Sassine
+61 2 8220 7158
