Miles Associates LLC

Out of the 13 advisories this month, administrators are advised to patch MS10-006, MS10-009, MS10-013, MS10-015, and MS09-012 immediately. Machines with Microsoft Office installed should also be patched for MS10-003 and MS10-004 as soon as possible. The remainder of the patches should be applied after environment testing, or to environments that have the specifically affected software deployed.

As always, eEye suggests that users roll out Microsoft patches as fast as possible, preferably after testing the impact on internal applications and network continuity.

via eEye Digital Security .

There are several practical workarounds in this bulletin.  Primarily, enable Protected Mode in the Internet zone and make sure to move any questionable sites out of the Trusted zone.

via Microsoft Security Advisory 980088: Vulnerability in Internet Explorer Could Allow Information Disclosure.

This security update resolves seven privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The more severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer… The security update addresses these vulnerabilities by modifying the way that Internet Explorer handles objects in memory, validates input parameters, and filters HTML attributes.

EEye recommends immediate installation of the patch.

via eEye Digital Security .

Microsoft is investigating reports of limited, targeted attacks against customers of Internet Explorer 6, using a vulnerability in Internet Explorer. This advisory contains information about which versions of Internet Explorer are vulnerable as well as workarounds and mitigations for this issue.

Our investigation so far has shown that Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4 is not affected, and that Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4, and Internet Explorer 6, Internet Explorer 7 and Internet Explorer 8 on supported editions of Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are vulnerable.

via Microsoft Security Advisory (979352): Vulnerability in Internet Explorer Could Allow Remote Code Execution.

“The public release of the exploit code increases the possibility of widespread attacks using the Internet Explorer vulnerability.  This attack is especially deadly on older systems that are running XP and Internet Explorer 6.”

via FOXNews.com – Google Hack Leaked to Internet; Security Experts Urge Vigilance.

Out of the 6 patches this month, three are client-side specific, and 3 are remote network vulnerabilities. Administrators should patch MS09-072, MS09-0071, and MS09-073 immediately. The remainder of the patches should be applied after environment testing, or to environments that have the specifically affected software deployed.

via Security bulletin from eEye Digital Security .

Google’s Gmail and Yahoo’s Mail were also targeted by a large-scale phishing attack, perhaps the same one that harvested at least 10,000 passwords from Microsofts Windows Live Hotmail, according to a report by the BBC.

via networkworld.com.