Today is Patch Tuesday. Microsoft patched more than two-dozen vulnerabilities. There are Seven Bulletins, Three of the vulnerabilities are Critical which effect the Internet Explorer (IE), Windows, and .NET Framework.
Bulletin MS12-037 contains 13 security fixes for IE. MS and some of the other Security Researchers view this as one of the most important to deploy. BeyondTrust CTO Marc Maiffret states, “This is probably one of the most severe bulletins because exploit code is likely to be created for one or more of these vulnerabilities, which leads to the potential for drive-by malware attacks across all revision of IE. “This, in our opinion, is one fo the more important sets of patches to roll out as soon as possible.”
MS released 8 security bulletins today and 23 vulnerabilities. Two of the eight bulletins were critical that affected IE, .Net Framework and MS Silverlight. MS so released the 11th volume of SIRv11 the Security Intelligence Report.
MS Jerry Bryant discuss SIRv11 and the Security Updates in the video below:
Today’s Patch Tuesday update is small. This update includes a critical single bulletin and two important one.
MS 11-015 is rated critical and occurs in DirectShow, Windows Media Player and Windows Media Center.
MS 11-016 is listed as important. It is aimed to resolve a vulnerability with MS Groove. This vulnerability could allow an outside entity to remotely execute code if a user opens a legitimate file in the same network directory.
MS 11-017 is the final important update. This update has a vulnerability in Windows Remote Desktop Client that could allow remote code execution if a use opens a Remote Desktop configuration file (.rdp) located in the same network folder as a “specially library file,” according to Microsoft. “For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a document from this location that is then loaded by a vulnerable application.”
Today is Microsoft last Update for 2010 and it’s a large update. The 17 security bulletins will address 40 vulnerabilities that will impact Internet Explorer and MS Windows.
All versions of MS OS will receive updates: Win XP, Server 2003 & 2008, Vista and Win 7. MS Office products that will be updated are: MS XP, Office 2003, 2007, 2011 and MS Office SharePoint Server 2007.
MS released more bulletin in 2010 than in previous years; the total bulletins released this year is 106. Mike Reavey director of Microsoft Security Response Center said that the increase number is “partly due to vulnerability reports in Microsoft product increasing slightly, as indicated by our latest Security Intelligence Report.”
MS released 49 fixes for Patch Tuesday; the following are affected Windows, IE (Internet Explorer) and .NET.
The Bulletins included in this update are:
- MS10-071 – Security Update for IE 6, 7 and 8
- MS10-073 – Vulnerability in Windows Kernel
- MS10-075 – Critical Vulnerability in Media Player
- MS10-076 – Critical Vulnerability in Open Type Font Engine that could allow Remote Open Execution
- MS10-077 – Could affect OS Win XP, Vista, Win 7, Win Ser 2003 and 2008