Wednesday, 11 August 2010 05:36

Microsoft releases record number of Windows Updates

Written by Jon Worrel


Fourteen patches to fix vulnerabilities in media applications

While the worldwide Microsoft Windows userbase attended to its usual habits on Tuesday morning, Microsoft released a record number of Windows Update security bulletins, bringing the total number of fixes to 15 in August. A recent press release from Symantec explains that Microsoft would be setting a record for the number of patches released to end-users in a single month. Moreover, the patches released in August 2010 tie the record for the total number of critical vulnerability fixes Microsoft has released since the "Patch Tuesday" program began.

Microsoft outlined in a statement that it is "providing active security protections to help customers manage and prevent threats to their computing experience through the release of 14 security bulletins. This month's bulletin package includes eight 'Critical' and six 'Important' updates to address 34 vulnerabilities in Microsoft Office, Microsoft Windows, Internet Explorer, Microsoft Silverlight, Microsoft XML Core Services and Server Message Block."

In perspective, 14 of the 15 bulletins released this month address bugs in media applications. It is important to note that Microsoft has already fixed bugs in media applications and media file formats through the months of February, March, April and June. This month's major release stands to continue an ever-growing security concern. "So much of what people do on the Internet these days includes videos or music," said Andrew Storms, director of security operations for nCircle. "Malware writers continue to take advantage of the fact that people are less aware of malware embedded in these files."


Microsoft Patch Tuesday on August 10, 2010 brings record number of security fixes

The first critical bulletin listed for August is a Windows Shell vulnerability that could allow remote code execution if the icon of a specially crafted shortcut is displayed. In other words, a harmless looking desktop shortcut could allow an attacker to gain access to critical Windows system files and potentially raise a hell storm on the exploited system. The issue affects Windows 7, Windows Vista, Windows Server 2008/R2, Windows Server 2003/x64 and Windows XP.

Joshua Talbot, security intelligence manager for Symantec Security Response, warned that IT administrators should be particularly concerned about bulletin MS10-054, the critical SMB pool overflow vulnerability. The flaw allows an attacker to remotely execute code if a specially crafted SMB packet is created and sent to an affected system. "Best practices dictate that file or print sharing services, such as SMB servers, should not be open to the Internet," says Talbot. "But such services are often unprotected from neighboring systems on local networks. So, a cybercriminal could use a multi-staged attack to exploit this vulnerability. Such an attack would likely start by compromising an employee's machine via a drive-by download or socially engineered email, and would end by using that compromised computer to attack neighboring machines on the same local network that have the SMB service running."

All of the important fixes, except for one, are patches for Windows OS-level vulnerabilities. According to RedmondMag, the vulnerabilities addressed represent a mixed bag. The August 2010 patches contain two fixes for remote code execution (RCE) vulnerabilities and four fixes for elevation-of-privilege vulnerabilities.

IT professionals should "roll with the punches this time", says Paul Henry, security analyst at Lumension. "But the critical security bulletins take priority. This will be a disruptive Patch Tuesday, given the broad range of products impacted and the required restarts," Henry said. "Initial priorities should always be the nine critical vulnerabilities, followed by the remaining balance of important and moderate patches."

The full list of Windows Update bulletins released on Tuesday, August 10, 2010 can be found here. For Windows 7, Vista, XP, Server 2008 and Server 2003 users, we highly suggest installing this round of critical security fixes, and for those of you with subconscious guilt that your neighbor or family member won't put in the effort to install these fixes, we highly recommend lending them a helping hand.

Last modified on Wednesday, 11 August 2010 09:43
