Wednesday, 11 August 2010 05:36

Microsoft releases record number of Windows Updates

Written by Jon Worrel

Fourteen patches to fix vulnerabilities in media applications

While the Microsoft Windows worldwide userbase attended to its usual habits on Tuesday morning, Microsoft released a record number of Windows Update security bulletins, bringing the total number of fixes to 15 in August. A recent press release from Symantec explains that Microsoft would be setting a record for the number of patches released to end-users in a single month. Nevertheless, the patches released in August 2010 tie the record for the total number of critical vulnerability fixes the company has ever released since the "Patch Tuesday" program began.

Microsoft outlined in a statement that it is "providing active security protections to help customers manage and prevent threats to their computing experience through the release of 14 security bulletins. This month's bulletin package includes eight 'Critical' and six 'Important' updates to address 34 vulnerabilities in Microsoft Office, Microsoft Windows, Internet Explorer, Microsoft Silverlight, Microsoft XML Core Services and Server Message Block."

In perspective, 14 of the 15 bulletins released this month address bugs in media applications. It is important to note that Microsoft has already fixed bugs in media applications and media file formats through the months of February, March, April and June. This month's major release stands to continue an ever-growing security concern. "So much of what people do on the Internet these days includes videos or music," said Andrew Storms, director of security operations for nCircle. "Malware writers continue to take advantage of the fact that people are less aware of malware embedded in these files."

Microsoft Patch Tuesday on August 10, 2010 brings record number of security fixes

The first critical bulletin listed for August is a Windows Shell vulnerability that could allow remote code execution if the icon of a specially crafted shortcut is displayed. In other words, a harmless-looking desktop shortcut could allow an attacker to gain access to critical Windows system files and potentially raise a hell storm on the exploited system. The issue affects Windows 7, Windows Vista, Windows Server 2008/R2, Windows Server 2003/x64 and Windows XP.

Joshua Talbot, security intelligence manager for Symantec Security Response, warned that IT administrators should be particularly concerned about bulletin MS10-054, the critical SMB pool overflow vulnerability. The flaw allows an attacker to execute code remotely if a specially crafted SMB packet is sent to an affected system. "Best practices dictate that file or print sharing services, such as SMB servers, should not be open to the Internet," says Talbot. "But such services are often unprotected from neighboring systems on local networks. So, a cybercriminal could use a multi-staged attack to exploit this vulnerability. Such an attack would likely start by compromising an employee's machine via a drive-by download or socially engineered email, and would end by using that compromised computer to attack neighboring machines on the same local network that have the SMB service running."

All of the important fixes, except for one, are patches for Windows OS-level vulnerabilities. According to RedmondMag, the vulnerabilities addressed represent a mixed bag. The August 2010 patches contain two fixes for remote code execution (RCE) vulnerabilities and four fixes for elevation-of-privilege vulnerabilities.

IT professionals should "roll with the punches this time", says Paul Henry, security analyst at Lumension. "But the critical security bulletins take priority. This will be a disruptive Patch Tuesday, given the broad range of products impacted and the required restarts," Henry said. "Initial priorities should always be the nine critical vulnerabilities, followed by the remaining balance of important and moderate patches."

The full list of Windows Update bulletins released on Tuesday, August 10, 2010 can be found here. For Windows 7, Vista, XP, Server 2008 and Server 2003 users, we highly suggest installing this round of critical security fixes. And for those of you with subconscious guilt that your neighbor or family member won't put in the effort to install these fixes, we highly recommend lending them a helping hand.

Last modified on Wednesday, 11 August 2010 09:43
