Microsoft patches record 40 vulnerabilities
Posted on 14 December 2010.
Today Microsoft released 17 security bulletins which address 40 vulnerabilities affecting Microsoft Office, Windows, Internet Explorer, SharePoint Server and Exchange.

This brings the total count for 2010 to 106 bulletins. Of note, only two of the bulletins are rated Critical, 14 are rated Important and one is Moderate.


In addition to the bulletins released today, Microsoft is announcing plans to extend the Office File Validation feature currently available in Office 2010, to Office 2007 and 2003. This will help protect those using older versions of Microsoft Office from file parsing vulnerabilities.

In particular, Microsoft recommends that systems administrators prioritize the following Critical bulletins:
  • MS10-090 addressing vulnerabilities in Internet Explorer.
  • MS10-091 addressing vulnerabilities in Windows.
Qualys CTO Wolfgang Kandek points out the following interesting vulnerabilities:
  • MS10-092 is the last fix for the Stuxnet family of vulnerabilities; others were MS10-046, MS10-061 and MS10-073. MS10-092 addresses a flaw in the Task Scheduler that can be used by a local user to gain system privileges and applies only to Windows Vista, Windows 7 and Windows 2008.
  • MS10-102 is an attack on Microsoft Hyper-V and while it is "only" a denial of service attack, it illustrates a coming class of vulnerabilities where a user on a guest operating system can shutdown the host operating system on a virtual machine and multiply the impact on the attacked infrastructure.
To learn more about patching challenges and techniques read our interview with Wolfgang Kandek who offers his extensive knowledge on the subject.





Spotlight

The synergy of hackers and tools at the Black Hat Arsenal

Posted on 27 August 2014.  |  Tucked away from the glamour of the vendor booths and the large presentation rooms filled with rockstar sessions, was the Arsenal - a place where developers were able to present their security tools and grow their community.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Aug 29th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //