Welcome Guest [Log In] [Register]

Kia Ora
You are currently viewing our forum as a guest. This means you are limited to certain areas of the board and that there are some features you can't use or read.

We are an active community of worldwide senior members participating in chat, politics, travel, health, blogging, graphics, computer issues & help, book club, literature & poetry, finance discussions, recipe exchange and much more. Also, as a member you will be able to access member only sections, many features, send personal messages, make new friends, etc.

Registration is simple, fast and completely free. Why not register today and become a part of the group. Registration button at the very top left of the page.

Thank you for stopping by.

Join our community!

In case of difficulty, email worldwideseniors.org@gmail.com.
If you're already a member please log in to your account to access all of our features:

Username:   Password:
Add Reply
Monster Patch Tuesday fixes 34 Windows bugs; Win7, Vista & XP - record # patches
Topic Started: Oct 16 2009, 08:46 AM (54 Views)
Deleted User
Deleted User

Monster Patch Tuesday fixes 34 Windows bugs
Windows 7, Vista & XP get record number of patches
Gregg Keizer

Microsoft yesterday delivered a record 13 security updates that patched 34 vulnerabilities in every version of Windows, including the not-yet-for-sale Windows 7, as well as in Internet Explorer (IE), Office, SQL Server and other parts of its software portfolio.

The 34 flaws were also a record number for Microsoft, the most holes patched in one sitting since Microsoft switched to a regular monthly update schedule six years ago. The closest competitor was December 2008, when the company tackled 28 bugs.

"To anyone following Apple, this isn't a big surprise," said Andrew Storms, director of security operations at nCircle Network Security, referring to Microsoft's operating system rival, which typically issues security updates that include scores of fixes. "But this is certainly an unprecedented month for Microsoft."

Microsoft ranked 8 of the 13 updates and 21 of the 34 vulnerabilities as 'critical', the top rating in its four-step scoring system. The remainder of the bulletins were judged 'important', the next threat level down, while nine of the flaws were also pegged important, and the final 4 were tagged as 'moderate'.

Among today's patches were several for zero-day vulnerabilities - bugs for which exploit code had already gone public. One of the zero-day vulnerabilities was undisclosed until yesterday.

Microsoft patched three vulnerabilities in SMB (Server Message Block) 2, a Microsoft-made network file- and print-sharing protocol that ships with Windows; two bugs in the FTP server that's included with older editions of its Internet Information Services (IIS) web server; and two in the Windows Media Runtime. The flaws in SMB 2 and IIS had been public knowledge since early September, but the Windows Media vulnerabilities included one that Microsoft said was already in the wild, but had not leaked to the usual public sources, such as security mailing lists.

For that reason, Storms urged everyone to deploy the MS09-051 update, which patches the Windows Media bugs, as soon as possible. "At first glance, [MS09-]051 should be patched immediately," he said. "What's interesting today is that we're learning it's in the wild. More important, it can be exploited in drive-by attack situations, just be getting people to go to a [malicious] website."

Early last month, Microsoft revealed the SMB 2 vulnerability, but although attack code went public, security researchers have not seen any actual attacks. The flaw affects Windows Vista, Windows Server 2008 and preview releases of Windows 7, but not the final edition slated for retail release next week.

The FTP flaw , on the other hand, was disclosed by Microsoft Sept. 1, when the company confirmed that its security team was investigating attack code that hit the street on the last day of August.

Microsoft also fixed a slew of flaws today that go back to a programming error in one of its code libraries, Active Template Library (ATL). The company had acknowledged the error last summer. Yesterday's patches quashed three ATL-related bugs in Office and set 'kill bits' to disable four or more Microsoft-made ActiveX controls for Windows Live Mail, the MSN Photo upload tool, and various Office document viewers used by Internet Explorer (IE) to display spreadsheets, charts and databases on the web.
[/quote]

More details at PC Advisor - http://www.pcadvisor.co.uk/news/index.cfm?newsid=3204041
Quote Post Goto Top
 
Trotsky
Member Avatar
Big City Boy
Oh yes,
The update was a DOOZY...
I had time to floss, brush my teeth, wash my hands and take my Lipitor and aspirin, check the outside temperature, turn off the TV and a couple other things before it finished the auto download and let the machine turn off for the night. I have to wait around becasue I turn off all power to the system at the surge protector level.
Offline Profile Quote Post Goto Top
 
Deleted User
Deleted User

Trotsky ... you are priceless. Posted Image
Quote Post Goto Top
 
1 user reading this topic (1 Guest and 0 Anonymous)
« Previous Topic · Computer Help · Next Topic »
Add Reply