subscribe: Daily Newsletter

 

‘Mammoth’ Patch Tuesday from Microsoft

0 comments

On Tuesday Microsoft released 11 security bulletins, covering a total of 26 vulnerabilities. This is the biggest Patch Tuesday for some time, with the most bulletins since last February, and the most patches on individual vulnerabilities in the past two years.

"This is a mammoth Patch Tuesday, and we have not seen anything of this scale in a long time," says Karthik Raman, a research scientist at McAfee.
Six of the bulletins are rated critical by Microsoft because the vulnerabilities could allow attackers to take complete control over a computer running the vulnerable software. The remaining bulletins are rated important, one notch lower on Microsoft's severity scale.
Two Microsoft patches (MS08-041 & MS08-042) cover vulnerabilities that had already been publicly disclosed and are actively being used in cyberattacks.
The majority of the vulnerabilities addressed by Microsoft's bulletins can be exploited through malicious Web sites or by tricking a computer user into opening a rigged image or Office file.
"Many of the vulnerabilities addressed by the fixes could be exploited if a Windows user simply views a malformed image or visits a malicious Web site, a favorite attack method among cybercriminals," Raman says.
McAfee recommends that home users install Microsoft's patches as soon as possible