[real-eyes] Microsoft Issues Monster Patch Update
- From: Steven Clark <kcpadfoot@xxxxxxxxx>
- To: real-eyes@xxxxxxxxxxxxx
- Date: Wed, 13 Apr 2011 20:18:10 -0500
The following is from Krebs On Security www.krebsonsecurity.com
Microsoft Issues Monster Patch Update
Microsoft released a record number of software updates yesterday to fix
at least
64 security vulnerabilities in its Windows operating systems and Office
products,
including at least one that attackers are actively exploiting.
Updates are available for all versions of Windows via Windows Update or
Automatic
Update. Nine of the patches earned Microsoft’s “critical” rating, which
means the
vulnerabilities they fix could be exploited to compromise PCs with
little or no action
on the part of the user, apart from visiting a booby-trapped Web site or
opening
a tainted file.
Redmond said three of patches should be top priorities. Two of them fix
critical
vulnerabilities in the “server message block” or SMB service, which
handles Windows
networking. Attackers could exploit the flaw addressed by
MS11-020
by sending a single, specially crafted evil data packet to a targeted
system. This
is the type of flaw that should concern any network administrator,
because it has
high potential to be used to power an automated computer worm.
Microsoft also called attention to
MS11-018
, which is a cumulative security update for Internet Explorer that fixes
critical
flaws in all versions of the browser except the latest IE9, which is not
affected.
One of the IE vulnerabilities — the MHTML flaw
I wrote about in January
— is currently being exploited; another was discovered at the
Pwn2Own hacking competition
earlier this year.
Most XP users will find that a total of 22 to 30 patches will be
installed, and more
if Office 2010 is installed. The PC will be very busy after reboot and
will need
about four to five minutes to catch up and finish finalizing all the
patches. Included
in this month’s patch batch is a .NET Framework update, which usually
takes a while
to download and install.
In addition to the security updates, Microsoft released two security
related tools.
The Rootkit Evasion Prevention Tool
“will expose an installed rootkit and give your anti-malware software
the ability
to detect and remove the rootkit,”
wrote
Dustin Childs
, a senior security program manager at Microsoft. “For a rootkit to be
successful
it must stay hidden and persistent on a system. One way we have seen
rootkits hide
themselves on 64-bit systems is bypassing driver signing checks done by
winload.exe.”
Microsoft expanded the applicability of its
Office File Validation tool
, a security feature the company initially released in December 2010 for
Office 2010
that has now been extended to work with Office 2003 and 2007. “This
feature, which
is included in Word, Excel, PowerPoint and Publisher (.doc, .xls, .ppt
and .pub file
formats), will validate the file structure as it is being opened by the
user,”
wrote
Modesto Estrada
, Microsoft’s Office Program Manager. The validation will check the file
to make
sure it conforms to expected Office specifications. If this process
fails the user
will be notified of potential issues.”
This entry was posted on Wednesday, April 13th, 2011 at 5:48 pm and is
filed under
Time to Patch
To subscribe or to leave the list, or to set other subscription options, go to
www.freelists.org/list/real-eyes
Other related posts:
- » [real-eyes] Microsoft Issues Monster Patch Update - Steven Clark
