Bumper patch Tuesday ahead

 

Gallery

Posted on 10 Oct 2008 at 08:42

Microsoft has ensured a busy patch Tuesday for network administrators, posting bulletins for 11 patches covering a range of vulnerabilities in its software.

Four of the bulletins have been labelled critical, Microsoft's highest alert. Critical vulnerabilities can be exploited to launch remote code executions.

The four "critical" bulletins affect Windows, Internet Explorer browser, Excel and Microsoft's Host Integration Server. The critical Host Integration bug only affects Microsoft Windows 2000 Server, however the Excel bug be exploited in all Windows and Mac OS X versions of Office.

The Redmond Giant has also flagged up four vulnerabilities in Windows as important, its second highest security alert. Again the company warns that unless patched, these flaws could allow a malicious hacker to gain access to your system.

The final fix is tagged as moderate, and affects Microsoft Office. The company says it could lead to "information disclosure" if not addressed.

This month will also see the launch of two new Microsoft security initiatives, the Exploitability Index and the Microsoft Active Protections Program (MAPP).

The Exploitability Index simply lists which of the flaws Microsoft believes has the highest chance of being exploited once the information is out in the wild. The aim is to help customers assess which of the fixes needs to be rolled out across their network first.

The MAPP will offer security vendors a sneak peek at bulletins before their launch, giving them a head start on working on out where a potential exploit is likely to come from.

Apple has also launched a huge patch covering a staggering 40 documented vulnerabilities in Mac operating systems.

Security Update 2008-007, which will be available for Tiger and Leopard, fixes a wide range of third-party software and Mac OS X exploits that leave users at the risk of remote code executions attacks.

Author: Stuart Turton