Microsoft today said it will deliver a record 14 security updates next week to patch a record-tying 34 vulnerabilities in Windows, Internet Explorer IE, Office and Silverlight.
via http://www.networkworld.com/news/2010/080510-microsoft-slates-record-setting-monster-patch.html.
Today, Microsoft released a special out-of-band patch which repairs a single Remote Code Execution vulnerability in how Windows Shell processes .lnk files.
As always, eEye suggests that all users apply Out of Band Microsoft patches as fast as possible, preferably after testing the impact on internal applications and network continuity.
Slates record-tying 34 patches for Windows, IE, Office and SharePoint
The patches will also quash two bugs that Microsoft acknowledged in February and April.
“I’d actually call this a moderate month,” said Andrew Storms, director of security operations at nCircle Security. “Looking at the criticality of the bulletins, and the fact that the number [of bulletins] is low, it doesn’t look like a huge month to me.”
By the numbers, however, next week’s updates will be huge. Although the 10 updates fall short of the record of 13 — first set in October 2009, then repeated in February 2010 — Microsoft will fix a total of 34 vulnerabilities, the same number as the current record, also set last October.
via networkworld.com.
No surprise that there are a lot of updates (11) and that there is something critical for just about everybody!
Microsoft Security Bulletin Advance Notification issued: April 8, 2010
Microsoft Security Bulletins to be issued: April 13, 2010
This is an advance notification of security bulletins that Microsoft is intending to release on April 13, 2010.
via Microsoft Security Bulletin Advance Notification for April 2010.
Microsoft today announced it will issue an emergency security update for Internet Explorer IE tomorrow to patch a zero-day vulnerability that has been used to launch drive-by attacks for at least several weeks.
Tuesday’s update will be the second out-of-band update — Microsoft’s term for one outside its normal once-each-month Patch Tuesday — in the last three months.
via http://www.networkworld.com/news/2010/032910-microsoft-to-patch-ie-zero-day.htm
Out of the 13 advisories this month, administrators are advised to patch MS10-006, MS10-009, MS10-013, MS10-015, and MS09-012 immediately. Machines with Microsoft Office installed should also be patched for MS10-003 and MS10-004 as soon as possible. The remainder of the patches should be applied after environment testing, or to environments that have the specifically affected software deployed.
As always, eEye suggests that users roll out Microsoft patches as fast as possible, preferably after testing the impact on internal applications and network continuity.
via eEye Digital Security .
This security update resolves seven privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The more severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer… The security update addresses these vulnerabilities by modifying the way that Internet Explorer handles objects in memory, validates input parameters, and filters HTML attributes.
EEye recommends immediate installation of the patch.
via eEye Digital Security .
Security News