Microsoft Patch Tuesday Fixes 34 Vulnerabilities

Microsoft has used its usual Patch Tuesday update to address a record number of vulnerabilities (34 in total), including six affecting its forthcoming replacement for the Vista operating system.

The vulnerabilities are covered by 13 security bulletins, and span Microsoft Windows, Internet Explorer, Office, Silverlight, Forefront, Developer Tools and SQL Server. Eight of the bulletins were given a critical rating, Microsoft’s highest severity classification.

Six of the security bulletins affect the soon-to-be-released Windows 7 operating system, including MS09-054 and MS09-061, which are both rated critical. Those two bulletins include a critical update for Internet Explorer (MS09-054) and a fix for three vulnerabilities (MS09-061) in the Microsoft .NET Common Language Runtime that could be exploited to remotely execute code.

MS09-050 features fixes for three security vulnerabilities affecting the Microsoft SMB (Server Message Block) protocol. Among the flaws is a zero-day bug disclosed in September that is due to the SMB implementation not properly parsing SMBv2 negotiation requests. Officials at Symantec said they have yet to see reliable exploits for the vulnerability in the wild, but there have been limited attempts to exploit the flaw.

Meanwhile, vulnerabilities in the FTP Service in IIS (Internet Information Services) have in fact come under attack, though the bulletin is only rated important. The vulnerabilities could allow RCE (remote code execution) on systems running FTP Service on IIS 5.0, or DoS (denial of service) on systems running FTP Service on IIS 5.0, IIS 5.1, IIS 6.0 or IIS 7.0.

Additionally, the Patch Tuesday update includes fixes tied to ActiveX Controls compiled using a vulnerable version of Microsoft Active Template Library. The bulletin addresses three vulnerabilities affecting all supported editions of Microsoft Outlook versions 2002, 2003 and 2007, as well as Microsoft Visio Viewer versions 2002, 2003 and 2007.

Other critical bulletins dealt with issues affecting Windows Media Runtime, Windows Media Player, Internet Explorer, ActiveX Kill bits, Windows GDI+, the Microsoft .NET Framework and Microsoft Silverlight.

Beyond the FTP bulletin, four others were also rated important, and touched on the Windows CryptoAPI, Indexing Service, the local authority subsystem service and the Windows kernel.

Microsoft also used the opportunity to re-release MS08-069, which dealt with a vulnerability in Microsoft XML Core Services.

Brian Prince eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved
