Microsoft releases its biggest Patch Tuesday update ever, bundling fixes for 34 vulnerabilities in a baker's dozen of security bulletins. Most of the bulletins deal with security issues in Windows, including six bulletins affecting Windows 7.
issued a massive
Patch Tuesday update
Oct. 13 to address 34 vulnerabilities across its
The vulnerabilities are covered by 13
and span Microsoft Windows, Internet Explorer, Office,
Silverlight, Forefront, Developer Tools and SQL Server. Eight of the bulletins
were given a critical rating, Microsoft's highest severity classification.
read about how Microsoft Security Essentials could benefit businesses, click
Six of the security bulletins affect the soon-to-be-released Windows 7
operating system, including MS09-054 and MS09-061, which are both rated
critical. Those two bulletins include a critical update for Internet Explorer
(MS09-054) and a fix for three vulnerabilities (MS09-061) in the
Microsoft .NET Common Language Runtime that
could be exploited to remotely execute code.
for three security vulnerabilities affecting Microsoft SMB
(Server Message Block) protocol. Among the flaws is a zero-day bug disclosed in
September that is due to the SMB implementation not properly parsing SMBv2
negotiation requests. Officials at Symantec
said they have yet to see reliable
exploits for the vulnerability in the wild, but there have been limited
attempts to exploit the flaw.
read more about Windows 7 security, click here.
in the FTP Service
in IIS (Internet Information Services) have in fact come
though the bulletin is only rated important. The
vulnerabilities could allow RCE (remote code execution) on systems running FTP
Service on IIS 5.0, or DoS (denial of service) on systems running FTP Service
on IIS 5.0, IIS 5.1, IIS 6.0 or IIS 7.0.
Additionally, the Patch Tuesday update includes fixes tied to ActiveX
Controls compiled using a vulnerable version of Microsoft Active Template
Library. The bulletin addresses three vulnerabilities affecting all supported
editions of Microsoft Outlook versions 2002, 2003 and 2007, as well as
Microsoft Visio Viewer versions 2002, 2003 and 2007.
Other critical bulletins dealt with issues affecting Windows Media Runtime,
Windows Media Player, Internet Explorer, ActiveX Kill bits, Windows GDI+,
the Microsoft .NET Framework and Microsoft
Beyond the FTP bulletin, four others were also rated important, and touched
on the Windows CryptoAPI, Indexing Service, the local authority subsystem
service and the Windows kernel.
Microsoft also used the opportunity to re-release MS 08-069, which dealt
with a vulnerability in Microsoft
"Most of this month's
updates require a restart, so please refer to the bulletins when you're
planning your deployment to ensure you're fully protected," Bryant blogged.
"We want to specifically note that MS09-050 requires a restart but will
not prompt you to do so if you install the update manually."