Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
Microsoft plans to ship 16 bulletins to patch 49 vulnerabilities across its product line, including Windows, Internet Explorer, Office and the .NET Framework.
The previous record number of patches was set in August, when Microsoft pushed out fixes for 34 flaws.A quarter of the 16 patches are labeled "critical", while 10 carry a less severe "important" rating and two others are listed as "moderate."There are a number of publicly known issues affecting Microsoft, namely two zero-day, privilege-escalation vulnerabilities being leveraged by Stuxnet attackers. Stuxnet is a pernicious worm that has been used to attack critical infrastructure facilities, mainly in Iran, India and Indonesia.It also is possible that some of the patches will resolve a new attack vector, involving a class of vulnerabilities, known as DLL preloading, that can be used to infect PCs when an application is tricked into loading a malicious library.In addition, Microsoft last month began investigating a data-stealing vulnerability impacting its newest web browser, Internet Explorer 8.But, as is typical, Microsoft did not name which bugs would be patched. Some experts suggested that Microsoft tends to deliver large October releases because many industries are reticent to make major system upgrades in November or December."The theory behind the larger October patch is that many industries go into ‘lock-down' mode with their critical infrastructure as the end of year approaches," said Andrew Storms, director of security operations at nCircle, provider of vulnerability management solutions. "Finance and retail sectors in particular are extremely careful with changes in the latter part of the year given the heavy volume of online shopping."See original article on scmagazineus.com
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.