Microsoft on Tuesday released eight fixes to address 23 vulnerabilities that lie across its software and operating system components.
Most notable is bulletin MS11-081, a "critical" patch that closes eight privately reported holes in Internet Explorer (IE) and affects all supported versions, including IE 9. Some of the vulnerabilities can be exploited simply by a user visiting a malicious website.
The only other critical fix is MS11-078, which repairs a privately reported vulnerability in .NET Framework and Silverlight.
"The vulnerability could allow remote code execution on a client system if a user views a specially crafted web page using a web browser that can run XAML Browser Applications (XBAPs) or Silverlight applications," according to Microsoft.
Jason Miller, a researcher at VMware, reminded users that deploying a patch such as MS11-078 may take some time.
"It is important to note that Microsoft .NET Framework patches from Microsoft typically take quite a while to run through the patching process," he said. "The patches can also be quite large for each version of the program."
Vulnerability experts said the six remaining bulletins are considered lower priority. However, at least two of them, MS11-075 and -076, address an issue that Microsoft has been dealing with for more than a year. The software giant has been closing off similar vulnerabilities since last summer, when it issued an advisory after research revealed that a new class of vulnerabilities known as DLL (dynamic-link library) preloading can be exploited remotely by an attacker who places a malicious library on a network share.
This article originally appeared at scmagazineus.com