Microsoft Released Ten Patches for 34 Vulnerabilities
Microsoft released 10 patches on June 8, 2010 to address a record number of vulnerabilities (34) as part of its June 2010 security update.
Microsoft, along with third-party security experts, disclosed that vulnerabilities in Internet Explorer and Windows could result in drive-by download attacks. The software giant released fixes for these vulnerabilities on Patch Tuesday. Hackers are expected to employ social engineering tactics to direct users to infected websites and media files.
Of the 10 patches, three received the highest severity rating, "critical," while the rest were rated "important."
Joshua Talbot, Security Intelligence Manager at Symantec, rated one flaw, a Windows kernel TrueType font parsing vulnerability, as the most critical of this Patch Tuesday, as reported by NetworkWorld on June 8, 2010.
Exploiting this flaw through a drive-by download attack would give the attacker almost system-level privileges. It is uncertain whether attackers would infect a website to make use of this vulnerability. Hence, users are warned to remain cautious of social engineering tricks that ask them to visit unfamiliar web pages containing a malicious font.
The TrueType vulnerability was part of Security Bulletin MS10-032, one of the ten issued by Microsoft on Tuesday.
In addition, bulletin MS10-033 received a critical rating and fixes two vulnerabilities in Windows that could result in the execution of malicious code. The bulletin is crucial for Windows media, which is commonly used by social networking applications. These vulnerabilities could be exploited when a user views a specially crafted media file or connects to a malicious server.
Furthermore, bulletin MS10-035 fixes six vulnerabilities in Internet Explorer, including a zero-day. That vulnerability became public in February 2010 and could lead to information disclosure. It could be exploited on machines running Windows XP or on those where Internet Explorer Protected Mode has been deactivated.
Users are advised to patch the vulnerabilities as soon as possible. Apart from ensuring complete protection, users should use common sense and stay away from the Internet's dark alleys, along with suspicious documents or links. They should take precautions when opening links sent by family members and co-workers, said the security experts.
SPAMfighter News - 16-06-2010