October Patch Tuesday is biggest ever
by Stephen Withers
Wednesday, 14 October 2009
Page 1 of 2
As expected, Microsoft released 13 new security bulletins overnight (Australian time). A mammoth 34 vulnerabilities are addressed, including some affecting Windows 7.

Eight of the bulletins are rated critical and allow remote code execution; the other five are important. Let's start with the Windows bulletins.

The previously disclosed SMBv2 issue has now been fixed. The bulletin applies only to Vista and Server 2008 as far as supported versions of Windows are concerned, although prerelease versions of Windows 7 are apparently affected too. Server 2008 R2 does not suffer from the vulnerability.

A pair of bulletins address vulnerabilities in Windows Media Runtime and Windows Media Player. Maliciously crafted content can gain the same rights as the current user. These issues apply to Windows 2000, XP, Server 2003, Vista and Server 2008 (for those last two, only the Windows Media Runtime issue).

A cumulative update for Internet Explorer plugs four holes that can be exploited by maliciously crafted web pages. The update is required for Internet Explorer 6, 7 and 8, and by all currently supported versions of Windows, including Windows 7.

This month's cumulative update of ActiveX kill bits continues to address issues caused by the Active Template Library security issue. All supported versions of Windows are affected, but the issue is less important on Windows Server, Vista, and Windows 7.

Multiple issues in the .NET common language runtime can be exploited via a web browser or Silverlight applications. The bulletin is rated as critical or important for all supported versions of Windows.

Multiple vulnerabilities in GDI+ that could be exploited via malicious image files have been fixed. Vista SP2, Server 2008 SP2, and Windows 7 are unaffected.

Turning to the less serious matters, the five important bulletins all concern Windows.

A pair of publicly disclosed vulnerabilities in IIS's FTP service (which were acknowledged by Microsoft last month) have been fixed. IIS versions 5.0, 5.1, 6.0 and 7.0 are all affected, so there are updates for all supported versions of Windows except Windows 7 and Server 2008 R2.

Two vulnerabilities in Windows CryptoAPI that could allow spoofing have been addressed in all currently supported versions of Windows.

More on the Patch Tuesday updates (and more!) on page 2.









