Boundary IT Services Ltd » Security

Microsoft Security Patches for June 2010

Boundary — Wed, 09 Jun 2010 12:01:55 +0000

The Microsoft Patch Tuesday train rolled into town today, dropping off a massive 10 security bulletins with fixes for at least 34 documented vulnerabilities.

Three of the bulletins are rated “critical” because of the risk of remote code execution attacks. Affected products include the Windows operating system, Microsoft Office, the Internet Explorer browser and Internet Information Services (IIS).

This month’s patch batch also provides cover for a known cross-site scripting flaw in the Microsoft SharePoint Server and a publicly discussed data leakage hole in Internet Explorer.

Microsoft is urging its users to pay special attention to MS10-033 (Windows), MS10-034 (ActiveX killbits) and MS10-035 (Internet Explorer) because these contain fixes for issues that may be exploited by malicious hackers very soon.

Microsoft Patches for March 2010

Boundary — Tue, 09 Mar 2010 11:26:39 +0000

Microsoft is planning a quiet Patch Tuesday this month: Just two bulletins with patches for eight security vulnerabilities.

According to Redmond’s Advance Notification, the vulnerabilities affect the Windows operating system and the Microsoft Office productivity suite.

Both bulletins are rated “important” because of the risk compromising the confidentiality, integrity or availability of user data.

Microsoft is recommending that Windows and Office users review its Advance Notification webpage and prepare to deploy the bulletins as soon as possible.

Customers should note that both bulletins will address issues that would require a user to open a specially crafted file. There are no network based attack vectors.

The patches will be released on March 9, 2009 around 11AM EST.

Microsoft Patches for February 2010

Boundary — Tue, 09 Feb 2010 21:09:39 +0000

Microsoft today released 13 security bulletins with fixes for 26 vulnerabilities affecting Windows and Office users and warned customers to pay special attention to a slew of flaws that can be trivially exploited by malware miscreants.

The company urged customers to prioritize and deploy four updates because of the “critical” severity rating and the fact that “consistent exploit code” is likely within the next 30 days.

Microsoft to release emergency IE patch – Jan 2010

Boundary — Tue, 19 Jan 2010 14:42:47 +0000

Microsoft has started dropping broad hints that an emergency patch for Internet Explorer will be released very soon to counter targeted attacks and the publication of exploit code for a “browse and you’re owned” vulnerability in its flagship Web browser.

The out-of-band update will be released once the company is satisfied that it has been properly tested against all affected versions of Windows. This could happen as early as this weekend.

Microsoft Patches for January 2010

Boundary — Wed, 13 Jan 2010 16:47:04 +0000

The first Microsoft patch for 2010 is out, providing cover for a solitary vulnerability in the way Windows handles EOT (Embedded OpenType) fonts.

The update is rated “critical” but Microsoft says there is a low likelihood of exploitation on its newer operating systems.

The vulnerability, which was discovered by Google security engineer Tavis Ormandy, is a remote code execution issue in the way that the Microsoft Windows Embedded OpenType (EOT) Font Engine decompresses specially crafted EOT fonts.

Because Microsoft considers this a very difficult vulnerability to exploit on most operating systems, it is rated “critical” only for Windows 2000.

However, it’s important to note that Windows XP, Windows Vista and Windows 7 are all affected by this flaw.

Microsoft Patches for December 2009

Boundary — Wed, 09 Dec 2009 09:20:44 +0000

Microsoft today shipped six bulletins with patches for a total of 12 documented security vulnerabilities in a wide range of widely deployed software products. Three of the six bulletins are rated

Microsoft Patches for November 2009

Boundary — Thu, 12 Nov 2009 09:19:11 +0000

As part of its scheduled batch of patches for November, Microsoft today issued six security bulletins with fixes for a total of 15 vulnerabilities affecting its Windows and Office product lines.

Three of the six bulletins are rated

Microsoft Patches for October 2009 – 13 critical

Boundary — Tue, 13 Oct 2009 14:05:16 +0000

Microsoft is planning a bumper Patch Tuesday next week

Microsoft Patches for September 2009

Boundary — Mon, 07 Sep 2009 10:04:07 +0000

Microsoft

Microsoft Patches for June 2009 – 6 critical

Boundary — Mon, 08 Jun 2009 08:59:26 +0000

According to the Microsoft Security Response Center, Microsoft will issue 10 Security Bulletins on Tuesday, and it will host a webcast to address customer questions on the bulletin the following day (June 10 at 11:00am PST, if you’re interested). Six of the vulnerabilities are rated “Critical,” three are marked as “Important,” and the last one is considered “Moderate.” All of the Critical vulnerabilities earned their rating through a remote code execution impact, meaning a hacker could potentially gain control of an infected machine. At least seven of the 10 patches will require a restart.