Microsoft distributes 17 patches for 64 flaws

Fixes for Internet Explorer, SMB rank as the month's most pressing.

Microsoft released a record-breaking security update on Tuesday, patching 64 vulnerabilities with 17 bulletins -- nine labeled "critical" and eight deemed "important."

The software giant and most vendor experts agreed that MS11-018, which resolves five flaws in Internet Explorer, rates as the highest-priority fix because of limited attacks underway against two of the vulnerabilities and the ease with which further exploits could take shape. One of the bugs became publicly known after it was demonstrated at CanSecWest's Pwn2Own hacker competition in Vancouver last month.

Internet Explorer 9 is not affected by the flaws, which can be exploited if a user visits a malicious web page.

Administrators also should consider MS11-019 and MS11-020 as high-priority patches, Pete Voss, senior response communications manager at Microsoft Trustworthy Computing, said in a blog post.

The former addresses one publicly known and one privately reported flaw, both client-side, in the Windows Server Message Block (SMB).

The latter addresses a server-side SMB bug, which has some observers wondering if, left unpatched, it could lead to a "wormable" exploit, similar to the Conficker outbreak of 2009.

"Attackers can send a specially crafted packet to a server running this file-sharing service and take control of the machine," explained Wolfgang Kandek, CTO of vulnerability management firm Qualys. "Companies that make SMB accessible over the internet are especially at risk. However, the main attack opportunity is going to be inside of enterprise networks, once an attacker has established a presence on the network."

Among the other patches, Microsoft filled a zero-day hole in the MHTML (MIME Encapsulation of Aggregate HTML) protocol handler, used by applications to render certain types of documents. The flaw, rated important, has been abused in "limited, targeted attacks," Microsoft has said.

With the update, the software giant also released the Office File Validation tool, announced in December, which helps to block malware cloaked as a legitimate Office document, a common technique used by virus writers. A rootkit evasion tool also was part of the update.

No matter which way one slices it, administrators will have their hands full with Tuesday's update. The previous record for vulnerabilities addressed in one month was 49, back in October.

"Business users need to have a risk management strategy in place to prioritize the patches," said Dave Marcus, director of security research and communication at McAfee Labs.

This article originally appeared at scmagazineus.com

Copyright © SC Magazine, US edition
