Members
  • Total Members: 14197
  • Latest: Levine
Stats
  • Total Posts: 43445
  • Total Topics: 16537
  • Online today: 2794
  • Online ever: 51419
  • (01. January 2010., 10:27:49)
Users Online
Users: 2
Guests: 2792
Total: 2794









Author Topic: Microsoft has patched a record 64 vulnerabilities in Windows, Office...  (Read 3134 times)

0 Members and 1 Guest are viewing this topic.

Samker

  • SCF Administrator
  • *****
  • Posts: 7529
  • KARMA: 322
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum


Microsoft has patched a record 64 vulnerabilities in Windows, Office and five other software packages, many of which allowed attackers to remotely install malware on end user machines.

The most important fixes addressed a vulnerability in the Internet Explorer browser that was exploited in last month's Pwn2Own contest. Although details were kept confidential, hackers have begun exploiting the critical flaw in real-world attacks, Microsoft warned. The use-after-free vulnerability affects versions 8 and earlier of the Microsoft browser.

The other top priority should be updates that patch critical vulnerabilities in the way Windows handles networking requests using the SMB, or Server Message Block, protocol. By sending malformed packets, attackers can remotely install malware on vulnerable machines with no user interaction required.

Researchers have warned that the flaw could be exploited to install self-replicating worms in much the way a similar vulnerability from 2008 did. Even after Microsoft issued an emergency patch for the flaw, it still opened the door to the Conficker Worm, which commandeered millions of machines.

The monster patch batch also included relief for another flaw in all supported versions of Windows that Google has said was being exploited by "politically motivated" attackers against activists. The MS11-026 update fixes the way Windows parses webpages containing MIME-formatted content: http://www.microsoft.com/technet/security/Bulletin/MS11-026.mspx

Microsoft also introduced two tools that are designed to thwart malware attacks. One extends a protection known as Office File Validation to older versions of Office. The feature, which was previously available only to users of Office 2010, helps users to identify malicious Office files by scanning and validating them before they are opened: https://www.microsoft.com/technet/security/advisory/2501584.mspx

The second tool is an update to the winload.exe component that helps flag device drivers that have been booby-trapped to install malware: https://www.microsoft.com/technet/security/advisory/2506014.mspx

The patches were released in 17 bulletins, nine of which carried a rating of “critical,” a designation typically reserved for vulnerabilities that can be remotely exploited to install malware or expose sensitive user data. The remaining eight bulletins were rated “important.”

Microsoft offers a quick overview of this month's Patch Tuesday here: http://blogs.technet.com/b/msrc/archive/2011/04/12/april-2011-security-bulletin-release.aspx and a bulletin-by-bulletin risk assessment here: http://blogs.technet.com/b/srd/archive/2011/04/12/assessing-the-risk-of-the-april-security-updates.aspx
As always, SANS has a helpful summary here: http://isc.sans.edu/diary.html?storyid=10693

(ElReg)

Samker's Computer Forum - SCforum.info


Fintech

  • SCF VIP Member
  • *****
  • Posts: 367
  • KARMA: 49
  • Gender: Male
And about fifteen from windows 7.. ??? Whole windows is like sieve! Really massive month patching!  :down:

Samker's Computer Forum - SCforum.info


 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.codekids.ba:

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Kursevi programiranja za ucenike u Sarajevu

Terms of Use | Privacy Policy | Advertising
TinyPortal 2.3.1 © 2005-2023