Print this page
Published in News

Microsoft releases record number of Windows Updates

by on11 August 2010

microsoft  windows_update_logo

Fourteen patches to fix vulnerabilities in media applications

While the Microsoft Windows worldwide userbase attended to its usual habits on Tuesday morning, Microsoft released a record number of Windows Update security bulletins, bringing the total amount of fixes to 15 in August. A recent press release from Symantec explains that Microsoft would be setting a record for the number of patches released to end-users in a single month. Nevertheless, the patches released in August 2010 tie the record for the total number of critical vulnerability fixes it has ever released since the "Patch Tuesday" program began.

Microsoft outlined in a statement that it is"providing active security protections to help customers manage and prevent threats to their computing experience through the release of 14 security bulletins. This month's bulletin package includes eight "Critical" and six "Important" updates to address 34 vulnerabilities in Microsoft Office, Microsoft Windows, Internet Explorer, Microsoft Silverlight, Microsoft XML Core Services and Server Message Block."

In perspective, 14 of the 15 bulletins released this month address bugs in media applications. It is important to note that Microsoft has already fixed bugs in media applications and media file formats through the months of February, March, April and June. This month's major release stands to continue an ever-growing security concern. "So much of what people do on the Internet these days includes videos or music," said Andrew Storms, director of security operations for nCircle. "Malware writers continue to take advantage of the fact that people are less aware of malware embedded in these files."

windows_update_patch_tuesday_8-10-2010

Microsoft Patch Tuesday on August 10, 2010 brings record number of security fixes

The first critical bulletin listed for August is a Windows Shell vulnerability that could allow remote code execution if the icon of a specially crafted shortcut is displayed. In other words, a harmless looking desktop shortcut could allow an attacker to gain access to critical Windows system files and potentially raise a hell storm on the exploited system. The issue affects Windows 7, Windows Vista, Windows Server 2008/R2, Windows Server 2003/x64 and Windows XP.

Joshua Talbot, security intelligence manager for Symantec Security Response, warned that IT administrators should be particularly concerned about bulletin MS10-054, the critical SMS pool overflow vulnerability. The identified exploit allows an attacker to remotely execute code if a specially crafted SMB packet were created and sent to an affected system. "Best practices dictate that file or print sharing services, such as SMB servers, should not be open to the Internet," says Talbot. "But such services are often unprotected from neighboring systems on local networks. So, a cybercriminal could use a multi-staged attack to exploit this vulnerability. Such an attack would likely start by compromising an employee's machine via a drive-by download or socially engineered email, and would end by using that compromised computer to attack neighboring machines on the same local network that have the SMB service running."

All of the important fixes, except for one, are patches for Windows OS-level vulnerabilities. According to RedmondMag, the exploits addressed represent a mixed bag. The August 2010 patches contain two fixes for RCE exploit considerations and four fixes for elevation-of-privilege vulnerabilities.

IT professionals should "roll with the punches this time", says Paul Henry, security analyst at Lumension. "But the critical security bulletins take priority. This will be a disruptive Patch Tuesday, given the broad range of products impacted and the required restarts," Henry said. "Initial priorities should always be the nine critical vulnerabilities, followed by the remaining balance of important and moderate patches."

The full list of Windows Update bulletins released on Tuesday, August 10, 2010 can be found here. For Windows 7, Vista, XP, Server 2008 and Server 2003 users, we highly suggest installing this round of critical security fixes - and or those of you with subconscious guilt that your neighbor or family member won't put in the effort to install these fixes, we highly recommend lending them a helping hand.

Last modified on 11 August 2010
Rate this item
(0 votes)