Business IT - Technology for your business

October Patch Tuesday is biggest ever

As expected, Microsoft released 13 new security bulletins overnight (Australian time). A mammoth 34 vulnerabilities are addressed, including some affecting Windows 7.

Microsoft has set a new record by releasing 13 security bulletins in one go. The bulletins cover a variety of issues for Windows and Microsoft Office.

Eight of the bulletins are rated critical and allow remote code execution; the other five are rated important.

Let's start with the Windows bulletins.

The previously disclosed SMBv2 issue has now been fixed. The bulletin applies only to Vista and Server 2008 as far as supported versions of Windows are concerned, although prerelease versions of Windows 7 are apparently affected too. Server 2008 R2 does not suffer from the vulnerability.

A pair of bulletins address vulnerabilities in Windows Media Runtime and Windows Media Player. Maliciously crafted content can gain the same rights as the current user. These issues apply to Windows 2000, XP, Server 2003, Vista and Server 2008 (for those last two, only the Windows Media Runtime issue).

A cumulative update for Internet Explorer plugs four holes that can be exploited by maliciously crafted web pages. The update is required for Internet Explorer 6, 7 and 8, and by all currently supported versions of Windows, including Windows 7.

This month's cumulative update of ActiveX kill bits continues to address issues caused by the Active Template Library security issue. All supported versions of Windows are affected, but the issue is less important on Windows Server, Vista, and Windows 7.

Multiple issues in the .NET common language runtime can be exploited via a web browser or Silverlight applications. The bulletin is rated as critical or important for all supported versions of Windows.

Multiple vulnerabilities in GDI+ that could be exploited via malicious image files have been fixed. Vista SP2, Server 2008 SP2, and Windows 7 are unaffected.

Turning to the less serious matters, the five important bulletins all concern Windows.

A pair of publicly disclosed vulnerabilities in IIS's FTP service (which were acknowledged by Microsoft last month) have been fixed. IIS versions 5.0, 5.1, 6.0 and 7.0 are all affected, so there are updates for all supported versions of Windows except Windows 7 and Server 2008 R2.

Two vulnerabilities in Windows CryptoAPI that could allow spoofing have been addressed in all currently supported versions of Windows.

More on the Patch Tuesday updates (and more!) on page 2.


