If you stand among that community which has any mean to computer running Windows or Internet Explorer or Office, then you must pay attention to the recent release from Microsoft. In order to make its own baby more secure and reliable, Microsoft has released it’s largest-ever set of security patches Tuesday, fixing a total of 49 bugs in products such as Windows, Internet Explorer and Office.
A group of 16 patches ( updates ) contains 2 major & priority fixes – the Internet Explorer fix numbered MS10-071 and a Windows patch numbered MS10-076. Company believes attack code is likely to be developed that will target bugs fixed by both of those updates. These two updates handles the driven-by internet attack where hackers tricks the victim into visiting a Web page that takes advantage of the bug to install a malicious program on the victim’s machine.
The MS10-71 update fixes 10 major Internet Explorer bugs. Two are rated critical, meaning they could be used in a drive-by. The MS10-076 update fixes a single critical flaw in the Windows Embedded OpenType (EOT) Font Engine, used by Internet Explorer. The latest versions of Windows include a security technology called ASLR (address space layout randomization) which makes it harder to exploit that type of bug, Microsoft believes attackers are likely to develop attacks for older versions of the operating system such as Windows XP.
Besides the above major updates, two other updates which a bug in Microsoft’s .Net Framework, are also important for users as most of the windows latest software are based on .Net framework. Another update for Microsoft Windows Media Player – MS10-075, which fixes a critical flaw in the Network Sharing Service, used by Windows to share music files and other media over the network. This service is turned on by default with Windows 7 Home Edition, but a hacker would have to first be on the local network to launch an attack, Microsoft said.
After going through the details of every update released by Microsoft, we recommend people should download and install the whole set of patch instead of few crucial one. Symantec says 35 of the 49 bugs fixed on Tuesday could give hackers a way to run unauthorized software on a victim’s machines, and Microsoft says attacks are likely to be developed that exploit some of the lower-rated issues as well.
New set of updates also contains few fixes for widely used Microsoft XP IS. MS10-073 has been rated important by Microsoft which fixes a Windows XP bug that was leveraged by the creators of the Stuxent worm. Stuxnet is the first publicly known worm built to attack industrial systems and it has made headlines during the past weeks amidst speculation that it was designed to target nuclear systems in Iran.
You can download the whole set of updates from HERE.
Very nice post.