Fixes For 23 Bugs In Microsoft Patch Tuesday

Microsoft plans to patch 23 vulnerabilities in Microsoft Windows, Silverlight and server software as part of the October Patch Tuesday release.

Microsoft will release eight security bulletins, of which two are rated “critical”, according to the Microsoft Security Bulletin Advance Notification. The remaining important bulletins address flaws in Forefront Unified Access Gateway, Host Integration Server as well as some versions of Windows.

Mandatory IE Update

One of the critical bulletins patches a bug in Windows and Internet Explorer that, if exploited, would allow attackers to remotely spread malicious code, Microsoft said. Affected software versions include Internet Explorer 6 through 8, Windows XP, Vista and 7, as well as Windows Server 2003 and 2008.

“As usual, this month we will receive the mandatory critical update to Internet Explorer,” Andrew Storms, director of security for nCircle, told eWEEK.

Attackers will continue to trick users into clicking on malicious links, so they will continue exploring Web browsers and plug-ins for weaknesses to exploit, Marcus Carey, security researcher at Rapid7, told eWEEK.

“My standard advice is to be careful when browsing,” Carey said.

The other critical bulletin fixes a bug present in .NET and Silverlight. It “looks very close” to a bug patched in June that allows remote code execution in both frameworks, according to Carey. He noted that the implications would most likely mirror MS11-039 in that attackers can launch server and client-side attacks through .NET and Silverlight applications.

When bugs are disclosed in a product, exploit developers often look for similar issues within the product that result in the same type of vulnerabilities, Carey said.

The bugs “could provide a good hunting ground for malware authors”, Storms said.

Remote Access Fix

One of the bulletins fixing bugs in Microsoft Forefront Unified Access Gateway 2010 was “interesting” to Carey because it was found in the remote-access software.

“No one wants to hear that software that is designed for security is vulnerable to remote code execution,” Carey said. Attackers will likely look at this bulletin and related vulnerabilities closely, and organisations should keep an eye out for any suspicious activity on servers running Forefront, he added.

Nearly all the patches in this bulletin require a restart, which will “cause widespread disruptions across both Internet connected servers and user community desktops”, Paul Henry, security and forensic analyst for Lumension, told eWEEK.

As for the release’s size, Storms said it was as expected. “It’s significantly less than October 2010 when we were treated to 16 bulletins that patched a whopping 49 vulnerabilities,” Storms said.

Microsoft is also expected to release an updated version of the Malicious Software Removal Tool as part of the Patch Tuesday release to address the issue where Microsoft Security Essentials and Forefront were accidentally flagging Google’s Chrome Web browser as malicious and erasing it from Windows systems.

Along with the advance notification, Microsoft released Service Pack 3 for Office 2007 and SharePoint 2007, which includes a roll up of previously patched issues as well as newly discovered ones.

Microsoft is scheduled to distribute the October Patch Tuesday updates on 11 October.

Fahmida Y Rashid eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved.
