Microsoft Fixes Record Number of Vulnerabilities
The company's June Patch Day included 10 security bulletins to fix 31 threats in Microsoft products
By Thomas Claburn, June 10, 2009
Microsoft recently released a substantial set of software patches, addressing 31 vulnerabilities with 10 security bulletins.

That's the largest number of vulnerabilities fixed in a single day since the company began issuing regular patches on the second Tuesday of every month in October 2003.

The company's June Patch Day includes six bulletins designated "critical," three "important," and one "moderate."

Affected software includes: Active Directory on Microsoft Windows 2000 Server and Windows Server 2003; Active Directory Application Mode when installed on Windows XP Professional and Windows Server 2003; Windows Print Spooler; Internet Explorer; Microsoft Office Word; Microsoft Office Excel; Microsoft Works Converters; Windows remote procedure call; Windows kernel; Microsoft Internet Information Services; and Windows Search.

Not included is a patch for a known vulnerability in Microsoft DirectX's DirectShow that can be exploited through a maliciously crafted QuickTime file. In late May, Microsoft issued a security advisory stating that the DirectShow-QuickTime vulnerability could be used "as a browse-and-get-owned attack vector."
However, Microsoft has provided a clickable button on its support site that disables QuickTime parsing in DirectShow and protects systems vulnerable to this flaw until a patch is available.

A fix for the IIS WebDAV flaw that Microsoft warned about in mid-May is included.
Four of the 10 bulletins in the June patch cycle address publicly disclosed vulnerabilities.

Tas Giakouminakis, CTO of Rapid7, observed in an e-mailed statement that attackers are taking advantage of vulnerabilities faster than ever before. "We've seen the patch window for Microsoft vulnerabilities shrink to the point where vulnerabilities are being exploited on the day the patches are released or even prior to that," he said.

Bulletin MS09-019 includes a fix for the vulnerability exploited by the hacker known as "Nils" at the 2009 CanSecWest Pwn2Own competition. "Nils" exploited this vulnerability on an earlier IE8 build, so Microsoft doesn't expect to see it exploited in the wild against users of Vista or Windows 7.

Andrew Storms, director of security operations for nCircle, said in an e-mailed statement, "Client-side, browser-based vulnerabilities continue to top the charts for threats, so every user should put [MS09-019] at the top of their 'install immediately' list."