No. 1 Story

ACCC clears Optus to scrap HFC network and use NBN instead

The ACCC has cleared, provisionally, the proposed deal between Optus and NBN Co under which Optus is to be paid around $800m to shut down its HFC network and transfer customers onto the NBN. read more

Related Articles

October, Patch, Tuesday, biggest, ever
Patches for 26 Windows, Office vulnerabilities coming next Tuesday
Microsoft is planning to dish up heapin' helpin' of security bulletins next week. So...
Read More
Microsoft to hit users with 11 fixes on Patch Tuesday
Microsoft Windows and Office have once again been exposed for the leaky vessels they...
Read More
Third party fixes not a patch on Microsoft
The debate has flared up once again about whether users should wait for an...
Read More
Microsoft stung into action releases browser patch
With the news that thousands of web sites are already exploiting an Internet Explorer...
Read More
Microsoft now needs a patch for its patch
It just seems to get worse for for Microsoft  on the Windows security front....
Read More

More From

Popular Threads

October Patch Tuesday is biggest ever

Stephen Withers
Wednesday, 14 October 2009 04:33

Business IT - Security

View Comments
Page 1 of 2
As expected, Microsoft released 13 new security bulletins overnight (Australian time). A mammoth 34 vulnerabilities are addressed, including some affecting Windows 7.
Microsoft has set a new record by releasing 13 security bulletins in one go. The bulletins cover a variety of issues for Windows and Microsoft Office.

Eight of the bulletins are rated critical and allow remote code execution, the other five are important.

Let's start with the Windows bulletins.

The previously disclosed SMBv2 issue has now been fixed. The bulletin applies only to Vista and Server 2008 as far as supported versions of Windows are concerned, although prerelease versions of Windows 7 are apparently affected too. Server 2008 R2 does not suffer from the vulnerability.

A pair of bulletins address vulnerabilities in Windows Media Runtime and Windows Media Player. Maliciously crafted content can gain the same rights as the current user. These issues apply to Windows 2000, XP, Server 2003, Vista and Server 2008 (for those last two, only the Windows Media Runtime issue).

A cumulative update for Internet Explorer plugs four holes that can be exploited by maliciously crafted web pages. The update is required for Internet Explorer 6, 7 and 8, and by all currently supported versions of Windows, including Windows 7.

This month's cumulative update of ActiveX kill bits continues to address issues caused by the Active Template Library security issue. All supported versions of Windows are affected, but the issue is less important on Windows Server, Vista, and Windows 7.

Multiple issues in the .NET common language runtime can be exploited via a web browser of Silverlight applications. The bulletin is rated as critical or important for all supported versions of Windows.

Multiple vulnerabilities in GDI+ that could be exploited via malicious image files have been fixed. Vista SP2, Server 2008 SP2, and Windows 7 are unaffected.

Turning to the less serious matters, the five important bulletins all concern Windows.

A pair of publicly disclosed vulnerabilities in IIS's FTP service (which were acknowledged by Microsoft last month) have been fixed. IIS versions 5.0, 5.1, 6.0 and 7.0 are all affected, so there are updates for all supported versions of Windows except Windows 7 and Server 2008 R2.

Two vulnerabilities in Windows CryptoAPI that could allow spoofing have been addressed in all currently supported versions of Windows.

More on the Patch Tuesday updates (and more!) on page 2.


Start 1 2 Next 

Our Services for Technology Professionals

E - mail News SMS Headlines Desktop Alerts News Feeds Job Alerts Technology Events Press-Releases