Microsoft patches record 40 vulnerabilities
Posted on 14 December 2010.
Today Microsoft released 17 security bulletins which address 40 vulnerabilities affecting Microsoft Office, Windows, Internet Explorer, SharePoint Server and Exchange.

This brings the total count for 2010 to 106 bulletins. Of note, only two of the bulletins are rated Critical, 14 are rated Important and one is Moderate.


In addition to the bulletins released today, Microsoft is announcing plans to extend the Office File Validation feature currently available in Office 2010, to Office 2007 and 2003. This will help protect those using older versions of Microsoft Office from file parsing vulnerabilities.

In particular, Microsoft recommends that systems administrators prioritize the following Critical bulletins:
  • MS10-090 addressing vulnerabilities in Internet Explorer.
  • MS10-091 addressing vulnerabilities in Windows.
Qualys CTO Wolfgang Kandek points out the following interesting vulnerabilities:
  • MS10-092 is the last fix for the Stuxnet family of vulnerabilities; others were MS10-046, MS10-061 and MS10-073. MS10-092 addresses a flaw in the Task Scheduler that can be used by a local user to gain system privileges and applies only to Windows Vista, Windows 7 and Windows 2008.
  • MS10-102 is an attack on Microsoft Hyper-V and while it is "only" a denial of service attack, it illustrates a coming class of vulnerabilities where a user on a guest operating system can shut down the host operating system on a virtual machine and multiply the impact on the attacked infrastructure.
To learn more about patching challenges and techniques read our interview with Wolfgang Kandek who offers his extensive knowledge on the subject.




