Microsoft released 10 security bulletins today to address 34 vulnerabilities, including several with Microsoft’s highest exploitability rating.
The exploitability rating ranks vulnerabilities according to the likelihood attackers will develop reliable exploit code. Three of the bulletins are rated “critical.” Among them is MS10-033, which plugs two Windows security vulnerabilities that could allow an attacker to exploit remote code if a user is tricked into opening a malicious media file or receives specially crafted streaming content.
The other critical bulletins are MS10-034, which address two Windows vulnerabilities, and MS10-035, a cumulative update for Internet Explorer that swats a number of bugs. Among them, noted Qualys CTO Wolfgang Kandek, is the bug exploited earlier this year in the Pwn2Own hacking contest at CanSecWest.
To Symantec’s Joshua Talbot, the most serious vulnerability is actually the Windows kernel TrueType font parsing issue covered in MS10-032.
“The most serious is the Windows kernel TrueType font parsing vulnerability,” said Talbot, security intelligence manager for Symantec Security Response, in a statement. “Exploiting this—likely through a drive-by download attack—would give an attacker near system-level privileges. It’s doubtful that attackers would compromise a legitimate site to exploit this vulnerability, so users should be extra cautious of social engineering tricks coaxing them to visit unfamiliar Web pages, which could contain a malicious font.”
The fixes also include a patch for a vulnerability in Microsoft SharePoint the company warned about in late April and a massive update for Microsoft Office that patched 14 vulnerabilities. “Customers should review their asset management systems and verify that all Windows XP devices have been upgraded to SP3 and that all Windows 2000 devices have been replaced or removed from the network,” advised Josh Abraham, a security researcher with Rapid7. “The most critical area of weakness for many organizations are third-party devices that are still using these operating systems. For these systems, customers will need to contact the vendor and verify the upgrade process.”
Digital transformation is an ongoing journey, requiring continuous adaptation, strong leadership, and skilled talent to…
Australian computer scientist faces contempt-of-court claim after suing Jack Dorsey's Block and Bitcoin Core developers…
OpenAI's ChatGPT gets search features, putting it in direct competition with Microsoft and Google, amidst…
New Google Maps allows users to ask for detailed information on local spots, adds AI-summarised…
US-sanctioned Huawei sees sales surge in first three quarters of 2024 on domestic smartphone popularity,…
Apple posts slight decline in China sales for fourth quarter, as Tim Cook negotiates to…