Categories: PCSecurityWorkspace

Microsoft Tackles 34 Vulnerabilities In Latest Patch Tuesday

Microsoft released 10 security bulletins today to address 34 vulnerabilities, including several with Microsoft’s highest exploitability rating.

The exploitability rating ranks vulnerabilities according to the likelihood attackers will develop reliable exploit code. Three of the bulletins are rated “critical.” Among them is MS10-033, which plugs two Windows security vulnerabilities that could allow an attacker to exploit remote code if a user is tricked into opening a malicious media file or receives specially crafted streaming content.

The other critical bulletins are MS10-034, which address two Windows vulnerabilities, and MS10-035, a cumulative update for Internet Explorer that swats a number of bugs. Among them, noted Qualys CTO Wolfgang Kandek, is the bug exploited earlier this year in the Pwn2Own hacking contest at CanSecWest.

To Symantec’s Joshua Talbot, the most serious vulnerability is actually the Windows kernel TrueType font parsing issue covered in MS10-032.

Windows kernel TrueType font parsing vulnerability

“The most serious is the Windows kernel TrueType font parsing vulnerability,” said Talbot, security intelligence manager for Symantec Security Response, in a statement. “Exploiting this—likely through a drive-by download attack—would give an attacker near system-level privileges. It’s doubtful that attackers would compromise a legitimate site to exploit this vulnerability, so users should be extra cautious of social engineering tricks coaxing them to visit unfamiliar Web pages, which could contain a malicious font.”

The fixes also include a patch for a vulnerability in Microsoft SharePoint the company warned about in late April and a massive update for Microsoft Office that patched 14 vulnerabilities. “Customers should review their asset management systems and verify that all Windows XP devices have been upgraded to SP3 and that all Windows 2000 devices have been replaced or removed from the network,” advised Josh Abraham, a security researcher with Rapid7. “The most critical area of weakness for many organizations are third-party devices that are still using these operating systems. For these systems, customers will need to contact the vendor and verify the upgrade process.”

Brian Prince eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved

Recent Posts

German Government Plots €2 Billion For Chip Subsidies – Report

Is it enough? After Intel disappointment, Germany to offer approximately 2 billion euros in subsidies…

14 hours ago

Google Asks Appeal Court To Throw Out Epic App Store Verdict

After Epic Games 2023 courtroom victory, Google appeal argues “dramatic redesign” of Play store will…

16 hours ago

Intel Says $7.86bn Grant From US Will Restrict Foundry Spin-off

Chip giant's plan for Intel Foundry to be spun off as independent subsidiary will be…

17 hours ago

EU Closes Amazon State Aid Case Over Taxes

European Commission closes three failed state-aid investigations over tax rulings for Amazon, Fiat and Starbucks

18 hours ago

Australian Senate Passes Social Media Ban For Under-16s

Ban on social media for under-16s has been passed by Senate in Australia, and will…

20 hours ago