Free PC Support
PC Help Forums from the Experts at
Search The Web Search This Site
 RSS FeedRSS Feed   FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister   ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

Microsoft Patches Critical IE9, Windows Bugs

Reply to topic    Free PC Support Forum Home -> IT News
Author Message

Joined: 13 Jun 2011
Posts: 2

PostPosted: Wed Jun 15, 2011 3:55 am    Post subject: Microsoft Patches Critical IE9, Windows Bugs Reply with quote

Microsoft today patched 34 vulnerabilities in Windows, Internet Explorer (IE), Office and other software, 15 of them labeled "critical" by the company.

The large number of updates -- as well as the fact that Microsoft issued them two hours later than usual -- will put pressure on enterprise administrators, one expert said.

"No doubt IT administrators will have to pick and choose where to act first," said Wolfgang Kandek, chief technology officer for Qualys.

Of the 16 updates, which Microsoft calls bulletins, nine were pegged critical, the most-serious rating in the company's four-step scoring system, while the remaining seven were tagged "important," the next-most-dangerous category.

While the number of bugs patched today was significantly less than the record 64 Microsoft fixed in April , it was the second-highest total for the year. The 16 bulletins were just one off the record, also set last April.

Fifteen of the 34 total vulnerabilities were rated critical, 17 were ranked important, and two were marked as "moderate."

Microsoft picked four of the 16 updates to highlight, and urged customers to roll out the quartet as soon as possible.

"Our top priorities are MS11-050, MS11-052, MS11-043 and MS11-042," Jerry Bryant, group manager with the Microsoft Security Response Center (MSRC), said in an interview earlier today. Bryant listed the four in the order of priority.

Among the deploy-immediately bulletins, MS11-050 offered 11 patches for IE that Microsoft and independent experts pinned to the top of their lists.

"This one is at the top of the list, as it always is when Microsoft patches IE," said Andrew Storms, director of security operations for nCircle Security. "But it's also the first IE9 update, and certainly does look to be true that Microsoft had this bug at the time it launched IE9, or a few days later."

Storms was referring to Microsoft's testing process, which usually lasts two months or more. That timeline would have precluded an IE9 patch in April, the first update scheduled after the browser shipped.

Microsoft habitually patches IE on even-numbered months; the last time it issued a security update for its browser was in April, when it fixed five flaws. Today's, however, was the first critical update for IE9, the browser that Microsoft shipped in mid-March. Four of the 11 patches in MS11-050 affected IE9, said Microsoft.

Nine of the 11 bugs in IE that Microsoft patched today could be exploited by attackers with a "drive-by" attack that requires users to simply visit a malicious Web site.

MS11-052 also affected IE, although Microsoft labeled it as a Windows update.

"The vulnerability is in Windows, but the attack vector is through Internet Explorer," said Bryant. "But IE9 is not affected by this update. [The issue] was addressed before IE9 released..., so that's part of the 'newer is better' message we're getting out to customers," Bryant added.

Only IE6, IE7 and IE8 can be used to exploit the vulnerability patched in MS11-052, not rival browsers, Bryant confirmed.

MS11-043 and MS11-042 were also called out by Bryant today. The former, which patches a single vulnerability in how Windows handles the SMB (server message block) protocol, could be used in what Bryant called a "browse-and-own" attack.

On the bright side, said both Bryant and Storms, many companies have blocked outbound SMB traffic at the firewall, which would prevent exploits of the flaw patched in MS11-043 .

"I think this may be difficult to exploit in the real world," said Storms.

MS11-042 updates DFS (distributed file service), which is used by administrators to group shared folders located on different servers, to patch a pair of bugs -- one critical the other important, in Windows. Microsoft rated the flaw as critical only on Windows XP and Windows Server 2003.

"[MS11-042 and MS11-043] are interesting, but I think they're technically more challenging to attackers," said Kandek.

In fact, Kandek rated MS11-045 , an eight-patch update for Excel, the spreadsheet included with Microsoft Office on Windows and Mac, as the second-most-serious of today's collection, immediately after the IE-oriented combo of MS11-050/MS11-052.

"Microsoft ranks it only as 'important' because the user is required to open an attacker-provided file, but we believe that attackers have shown often enough that they have the skills to make opening the file enticing to users," said Kandek.

"If I was the attacker, this would certainly be one I would use, if only because users tend to trust Excel files," Kandek added.

Of the eight vulnerabilities patched in the Excel update, only one affected the newer versions, Excel 2007 and Excel 2010 on Windows; two impacted Excel 2011 on the Mac.

"It's blatantly clear that the newer Office software is much better and more secure," said Storms.

Microsoft also issued updates today for SQL Server, its Forefront 2010 security product, the .Net Framework and Silverlight development platforms, and the virtualization hypervisor included with Windows Server 2008 and Server 2008 R2.

June's security updates can be downloaded and installed via the Microsoft Update and Windows Update services, as well as through Windows Server Update Services (WSUS).
Back to top
View user's profile Send private message

Joined: 31 May 2010
Posts: 813
Location: Morecambe

PostPosted: Wed Jun 15, 2011 8:15 am    Post subject: Reply with quote

A small one this month
Back to top
View user's profile Send private message Send e-mail Visit poster's website

Joined: 14 Aug 2014
Posts: 1
Location: England

PostPosted: Sat Oct 04, 2014 8:02 am    Post subject: Comprar Bolsos Longchamp Baratos Reply with quote

Delvaux,[url=]Comprar Bolsos Longchamp Baratos[/url], the oldest luxury leather goods house in existence has brought their high quality,[url=]Bolsos Longchamp Comprar Online[/url], exclusive line of handbags to the united states. A privately owned business,[url=]Bolso Longchamp Baratos[/url], Delvaux prides itself in providing extremely high resolution leather goods to consumers since 1829. In 2009,[url=]Comprar Bolsos Longchamp Online[/url], Delvaux celebrated their 180th year wedding. The handbag line by Delvaux is arguably one of the finest the actual planet world and rival only to Hermes.
Whether you want to buy jewelry,[url=]Comprar Bolso Longchamp[/url], purses or replica Chanel watches,[url=]Bolsos Longchamp[/url],[url=]Bolsos Longchamp[/url], one crucial thing you require look out for may be the material. Each these purses use the largest quality of leather. Document between 2 purses is that the reissue uses leather material that looks Longchamp handbag worn out,[url=]Bolsos Longchamp Precios[/url],[url=]Bolsos Longchamp Precios[/url], this is what was for your original container.
So far,[url=]Comprar Bolso Longchamp Online[/url], this is considered by some since process as a result quite impossible. It all depends on the shape of your photo handbag. Image quality you have chosen will eventually become pasted and featured on each side of your photo handbag as well as the lid upper part.
Dillard's is also having a trade-in time. Bring in any clean,[url=]Comprar Bolsos Longchamp[/url],[url=]Longchamp Bolsos Baratos[/url], used watch and be given a discount on any regular priced watch purchase of $50 or more. All used watches will also be donated in order to local good cause. Save $15 on a watch valued at $50-$75; save $25 on a watch worth $76-$125; save $40 on a watch valued at $126-$199 or save $50 on watch valued at $200 additional.
Sheila Nazarian and Laura Darrah always be dynamic dou behind Treesje,[url=]Bolsos Longchamp Baratos[/url],a handbag line that's sparked great the demand for many fashion-conscious celebrities like Jennifer Aniston,[url=]Bolsos Longchamp[/url], Eva Longoria,[url=]Longchamp Bolsos[/url], Lindsay Lohan and Courtney Cox. Much like the designers themselves,[url=]Longchamp Baratos[/url], I found Treesje handbags to be a stylish combination of Longchamp bag trendy and luxe; an easy way include luxe of your fashion look. It's something important to fashionable women about the run. Here is an up close interview associated with ladies.
A huge mistake could be the writing round the inside is definitely in English and read normally,[url=]Longchamp Bolsos Baratos[/url]. Some knockoffs are fashioned y people today who do not know how to properly speak English so write things backwards.
It is really easy to pay for a shoulder bag via the internet due to the fact that the buyer can pay by using that virtual money that is his/her credit or debit cards. All one has to do to be able to provide the mandatory information about her cards then is going to be will be transferred for the merchant account within not enough available time.
Back to top
View user's profile Send private message Visit poster's website
Display posts from previous:   
Reply to topic    Free PC Support Forum Home -> IT News All times are GMT
Page 1 of 1

Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group

2005 - 2017 All Rights Reserved
Terms and Conditions