News

Microsoft Readies Eight Fixes for October's Security Bulletin

Microsoft released information on eight patches in its advanced notification of the October monthly security bulletin.

There are two "critical" and six "important" items covering a range of products including Microsoft .NET Windows, Internet Explorer, Forefront and Microsoft Host Integration Server.

Remote code execution dominates the risk profile for all but two of the items on the patch slate. The remaining two are denial-of-service and elevation-of-privilege considerations.

The first critical bulletin affects .NET and Silverlight.

Marcus Carey, a security researcher at Rapid7, opines that this patch, along with all critical items, needs to be examined closely.

"This bulletin looks very close to MS11-039, which was patched in August. When exploit developers look for bugs disclosed in products, they usually find similar bugs which result in the same type of vulnerabilities," he said.

As for the other, an often-patched Internet Explorer once again will be receiving a fix.

Speaking on the Internet Explorer item, Carey said attackers will continue to get users to click on links to malicious Web sites. He says to expect the attackers to continue to explore these browsers and plug-in weaknesses, which have been the bane of Microsoft's browser for some time.

Paul Henry, security and forensic analyst for Lumension, called October's predicted batch of fixes a "trick and treat" patch.

The Treat is that there are less critical items and more Windows fixes, he said. The trick is in the operational challenges of rebooting systems.

"Nearly all require a restart, which will cause widespread disruptions across both Internet-connected servers and user community desktops."

As usual, consult Microsoft Knowledge Base Article 894199 for more information.

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.

Featured

  • Microsoft Warns IT Pros on Windows Netlogon Fix Coming Next Month

    Microsoft on Thursday issued a reminder to organizations to ensure that their systems are properly patched for a "Critical"-rated Windows Netlogon vulnerability before next month's "update Tuesday" patch distribution arrives.

  • Microsoft Nudging Skype for Business Users to Teams

    Microsoft on Thursday announced some perks and prods for Skype for Business unified communications users, with the aim of moving them to the Microsoft Teams collaboration service instead.

  • How To Improve Windows 10's Sound and Video Quality

    Windows 10 comes with built-in tools that can help users get the most out of their sound and video hardware.

  • Microsoft Offers More 'Solorigate' Advice Using Microsoft 365 Defender Tools

    Microsoft issued yet another article with advice on how to use its Microsoft 365 Defender suite of tools to protect against "Solorigate" advanced persistent threat types of attacks in a Thursday announcement.

comments powered by Disqus