Microsoft Issues Hitherto Largest Update Under Patch Tuesday Cycle
Microsoft, on October 12, 2010, issued 16 security bulletins under its latest update cycle of Patch Tuesday.
A total of 49 security flaws were addressed with Microsoft's record-making bulletin release. The flaws reportedly affected Internet Explorer, Windows, the .NET Framework, and Microsoft Office. Notably, the patches included one fix for a 0-day flaw that the Stuxnet worm abused.
Commenting on Stuxnet, Joshua Talbot, Security Intelligence Manager at Symantec Security Response, stated that the worm used the Win32 Keyboard Layout flaw to acquire administrator rights on an infected PC. EWeek.com published this on October 12, 2010. According to Talbot, this ensured that none of Stuxnet's malicious actions on a targeted computer were blocked for lack of permissions.
And while Microsoft has issued a patch for the flaw that Stuxnet exploits, specialists state that one 0-day bug used by Stuxnet still remains open.
Worryingly, according to a Microsoft blog, the flaws are kept separate since exploits are expected to exist for them.
Meanwhile, under the latest Patch Tuesday, the 1st security bulletin is MS10-071, which addresses a vulnerability within IE 6, 7 and 8. This vulnerability lets attackers compromise a PC if the user is made to access a malicious website. The 2nd bulletin, MS10-076, is associated with Windows Server 2003 and 2008, Windows Vista, XP and Windows 7.
Next is MS10-077, which is associated with the same OSs. The most likely attack vectors are an affected PC running 64-bit Windows accessing a malicious website, or an attacker managing to run ASP.NET script on a 64-bit Internet Information Services (IIS) server to execute arbitrary code.
Last is MS10-075, which is assigned a "critical" rating in the case of Windows 7 and merely "important" in the case of Vista. The bulletin corrects a flaw within Microsoft Windows Media Player Network Sharing Utility with which an attacker can hijack a computer by sending a malicious Real-Time Streaming Protocol (RTSP) packet to a vulnerable machine.
Finally, Microsoft recommends that all users deploy the updates quickly to ward off any malware infection.
» SPAMfighter News - 20-10-2010