Patch Tuesday Fixes a Record 26 Vulnerabilities
This month Microsoft issued 11 bulletins that address a record 26 vulnerabilities, 17 of them rated as critical. The 26 vulnerabilities are the most Microsoft has addressed since it had 25 in August 2006, which plus had 17 rated as critical.
The patch for the vulnerability in the Snapshot Viewer for Microsoft Access ActiveX control is vital considering shortly after the issue became public on July 7 there was evidence of it actively being exploited, according to Ben Greenbaum, senior research manager for Symantec shield response.
“Since next, attackers have fine-tuned their exploits, resulting in even more widespread attacks,” Greenbaum said. “The Snapshot Viewer issue impacts any Web Explorer 7 users that have the ActiveX control installed and any Net Explorer 6 users regardless whether they have the control installed or not. The nature of the control allows the attacker to install [malicious code] and exploit the vulnerability without any user interaction.”
An Early
Summer vacation may be by a little early for network protection professionals. All seven critical patches are identified as fixing “remote cipher execution” vulnerabilities that can in many cases give criminals control of a computer and access to its resources.
To form things even busier, IT teams need to ensure that they have addressed two recent and crucial Microsoft protection Advisories, said Don Leatham, director of solutions and strategy at Lumension shield. Those advisories are MS-954960 and MS-956187.
“Once exploit cipher for the DNS vulnerability announced in July became available, Microsoft took the strange step to issue that shield advisory that encouraged customers to update their DNS servers ASAP, even though the original bulletin rating was an crucial and not as Critical,” Leatham said. “Given the publicly available exploit cipher and the possible compromise of critical DNS services, IT teams that have not deployed that…
Orginal post by Mike
No comments yet. Be the first.
Leave a reply
