We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Microsoft fixes 34 flaws in record Patch Tuesday

What IT admins need to know

Microsoft has unleashed a record number of security updates for a single month, with 14 new security bulletins addressing 34 different vulnerabilities.

IT admins need to understand the risks and prioritise the patches to ensure they aren't overwhelmed by the sheer volume of the patch avalanche.

This month's package includes eight 'Critical' and six 'Important' updates to address 34 vulnerabilities in Microsoft Office, Microsoft Windows, Microsoft Internet Explorer, Microsoft Silverlight, Microsoft XML Core Services and Server Message Block."

Andrew Storms, director of security operations for nCircle, said: "It's another movies-to-malware month for Microsoft. Four of the 14 bulletins this month fix bugs in media applications. Already this year Microsoft has fixed bugs in media applications or media file formats in February, March, April and June, so this month continues an obvious and growing trend. So much of what people do on the internet these days includes videos or music and malware writers continue to take advantage of the fact that people are less aware of malware embedded in these files."

The Patch Tuesday security bulletins are above and beyond the out-of-band patch released last week for the Windows shortcut flaw. Microsoft was compelled to rush that fix out due to a rise in attacks exploiting the vulnerability.

Joshua Talbot, security intelligence manager for Symantec Security Response, warned that IT admins should be particularly concerned with the SMB pool overflow vulnerability (MS10-054). "Best practices dictate that file or print sharing services, such as SMB servers, should not be open to the internet. But such services are often unprotected from neighbouring systems on local networks. So, a cybercriminal could use a multi-staged attack to exploit this vulnerability."

Talbot explained: "Such an attack would likely start by compromising an employee's machine via a drive-by download or socially engineered email, and would end by using that compromised computer to attack neighboring machines on the same local network that have the SMB service running."

 "Today's Microsoft patches again underline the risk of using the internet unprotected," said Dave Marcus, director of security research and communications at McAfee Labs.

"These vulnerabilities could be exploited to booby trap websites, Office and media files to gain control over vulnerable computers simply by tricking victims into opening a malicious file or clicking a malicious link."

Marcus added: "Such a large number of fixes should make business users want to investigate whether they could use whitelisting to lock down their systems instead of rushing out fixes."

IT admins need to assess and prioritise the Microsoft updates. The Microsoft criticality ratings can serve as a general guide, but IT admins must combine that factor with knowledge of the systems and services in use in the environment, the business criticality of vulnerable systems, and other layers of defense that might reduce overall risk in order to determine the actual criticality for their unique network environment.

See also: Group test: 13 internet security suites compared

IDG UK Sites

LG G4 Note UK release date and specification rumours: Samsung Galaxy Note 5 killer could be the LG 3......

IDG UK Sites

In defence of BlackBerrys

IDG UK Sites

Why we should reserve judgement on Apple ditching Helvetica in OS X/iOS for the Apple Watch's San...

IDG UK Sites

Retina 3.3GHz iMac 27in preview: Apple cuts £400 off Retina iMac with new model