PDA

View Full Version : Microsoft releases biggest-ever set of security patches



thelostone
13-10-2010, 11:26 AM
Microsoft released its largest-ever set of security patches Tuesday, fixing a total of 49 bugs in products such as Windows, Internet Explorer and Office.
There are 16 groups of patches (called updates) in total. Microsoft says that two of them, the Internet Explorer fix numbered MS10-071 and a Windows patch numbered MS10-076, should get top priority. Microsoft thinks attack code is likely to be developed that will target bugs fixed by both of those updates.
NCircle Director of Security Operations Andrew Storms agrees that those two updates should be a top priority as they could be leveraged in a drive-by Internet attack. In this common type of attack, a hacker tricks the victim into visiting a Web page that takes advantage of the bug to install a malicious program on the victim's machine.
The MS10-71 update fixes 10 Internet Explorer bugs. Two are rated critical, meaning they could be used in a drive-by. The MS10-076 update fixes a single critical flaw in the Windows Embedded OpenType (EOT) Font Engine, used by Internet Explorer. The latest versions of Windows include a security technology called ASLR (address space layout randomization) which makes it harder to exploit that type of bug, Microsoft believes attackers are likely to develop attacks for older versions of the operating system such as Windows XP.

The two other top-rated updates are MS10-077, a fix for a bug in Microsoft's .Net Framework that affects 64-bit systems, and MS10-075, which fixes a critical flaw in the Microsoft Windows Media Player Network Sharing Service, used by Windows to share music files and other media over the network. This service is turned on by default with Windows 7 Home Edition, but a hacker would have to first be on the local network to launch an attack, Microsoft said.
Just because the other fixes are not rated critical does not mean they can be ignored. Symantec says 35 of the 49 bugs fixed on Tuesday could give hackers a way to run unauthorized software on a victim's machines, and Microsoft says attacks are likely to be developed that exploit some of the lower-rated issues as well.
In fact, one of Tuesday's updates , MS10-073; rated important by Microsoft, fixes a Windows XP bug that was leveraged by the creators of the Stuxent worm. Stuxnet is the first publicly known worm built to attack industrial systems and it has made headlines during the past weeks amidst speculation that it was designed to target nuclear systems in Iran.

moh
13-10-2010, 07:53 PM
thanks for the post thelostone.

billyboy1963
13-10-2010, 08:24 PM
MS software has more bugs than the rainforest so not surprised to hear about so many patches

Diablo13
13-10-2010, 09:19 PM
Microshaft may indeed have many faults in their software, but at least they do regularly update their protection systems to compensate for them!
Like any living thing technology grows and develops all the time, so unforseen faults develop and viruses are made to specifically attack those faults. It is therefore impossible to make a completely bug free system and all you can do is rely on the software "doctors" to keep developing up to date inoculations and patches to keep your systems healthy. :-?