October 2009 MS Patch Tuesday Voice of Reason:
- 14 October, 2009 11:57
<p>This month, Microsoft issued 13 security bulletins which address 34 vulnerabilities, 22 of which are rated as critical. This is the highest number of vulnerabilities addressed in a single month by Microsoft. The previous record was 31, set in June of this year.
Included in this month’s release are patches for two vulnerabilities previously made public—one in Server Message Block Version 2 (SMBv2) and another in Internet Information Services.</p>
<p>“We’re pleased that Microsoft released a patch for the SMBv2 vulnerability today,” said Ben Greenbaum, senior research manager, Symantec Security Response. “The vulnerability was made public last month. We’ve yet to see a highly reliable exploit for it. Although we have seen limited attempts to exploit this vulnerability, we’re glad to see this fixed before widespread attacks occur.”</p>
<p>Microsoft also released the first ever security update for the release-to-manufacturing version of Windows 7.</p>
<p>“The update that addresses vulnerabilities in Windows 7 relates to the Active Template Library issues Microsoft has been working on for a number of months now,” Greenbaum added. “It essentially disables additional faulty ActiveX controls created using the library that have been distributed across Windows users’ machines.”</p>
<p>The vulnerabilities addressed in Internet Explorer and the GDI+ graphics library are quite serious as well. The GDI+ graphics library is what Windows uses to determine how to interact with certain graphics files that users encounter during everyday computer use.</p>
<p>“The primary danger the GDI+ graphics library and Internet Explorer vulnerabilities pose is that these vulnerable components are present on the majority of Windows machines,” Greenbaum said. “Many of the issues addressed today are fairly trivial to exploit. For example, via a drive-by-download style attack. In that case, all a computer user would have to do to become infected by an attack using one of these vulnerabilities is unsuspectingly visit a compromised Web site.”</p>
<p>Symantec strongly encourages users to patch their systems against these vulnerabilities. In addition, enterprises are encouraged to consider implementing an automated patch management solution to help mitigate risk.</p>
<p>Please visit the Symantec Security Response Weblog for more information and let me know if you are interested in speaking with a Symantec expert about any of these security vulnerabilities.</p>
<p>The Symantec Security Response blog can be viewed here: http://www.symantec.com/business/security_response/weblog/
Additional information on Microsoft’s security bulletins can be found here: http://www.microsoft.com/technet/security/bulletin/ms09-oct.mspx</p>