Microsoft patches record 40 vulnerabilities
Posted on 14 December 2010.
Today Microsoft released 17 security bulletins which address 40 vulnerabilities affecting Microsoft Office, Windows, Internet Explorer, SharePoint Server and Exchange.

This brings the total count for 2010 to 106 bulletins. Of note, only two of the bulletins are rated Critical, 14 are rated Important and one is Moderate.


In addition to the bulletins released today, Microsoft is announcing plans to extend the Office File Validation feature currently available in Office 2010, to Office 2007 and 2003. This will help protect those using older versions of Microsoft Office from file parsing vulnerabilities.

In particular, Microsoft recommends that systems administrators prioritize the following Critical bulletins:
  • MS10-090 addressing vulnerabilities in Internet Explorer.
  • MS10-091 addressing vulnerabilities in Windows.
Qualys CTO Wolfgang Kandek points out the following interesting vulnerabilities:
  • MS10-092 is the last fix for the Stuxnet family of vulnerabilities; others were MS10-046, MS10-061 and MS10-073. MS10-092 addresses a flaw in the Task Scheduler that can be used by a local user to gain system privileges and applies only to Windows Vista, Windows 7 and Windows 2008.
  • MS10-102 is an attack on Microsoft Hyper-V and while it is "only" a denial of service attack, it illustrates a coming class of vulnerabilities where a user on a guest operating system can shutdown the host operating system on a virtual machine and multiply the impact on the attacked infrastructure.
To learn more about patching challenges and techniques read our interview with Wolfgang Kandek who offers his extensive knowledge on the subject.





Spotlight

The role of the cloud in the modern security architecture

Posted on 31 July 2014.  |  Stephen Pao, General Manager, Security Business at Barracuda Networks, offers advice to CISOs concerned about moving the secure storage of their documents into the cloud and discusses how the cloud shaping the modern security architecture.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Aug 1st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //