News
Microsoft Issues Record 31 Patches
Microsoft Corp. last week issued 10 security updates that patched a record 31 vulnerabilities
By Gregg Keizer, Computerworld
June 15, 2009 — Computerworld —
Microsoft Corp. last week issued 10 security updates that patched a record 31 vulnerabilities -- 18 marked "critical" -- in Windows, Internet Explorer, Excel, Word and other applications.
The bugs are the largest number that Microsoft has patched in a single month since the company began its regular update program in 2003. The previous record of patches for 28 flaws was set last December.
"This is a very broad bunch," said Wolfgang Kandek, chief technology officer at security company Qualys Inc.
"You've got work [to do] everywhere; servers and workstations, and even Macs if you have them. It's not getting any better. The number of vulnerabilities [Microsoft discloses] continues to grow," he added.
Of the 10 bulletins, six patched some part of the Windows operating system, three patched an application or component in the Office suite, and one fixed several flaws in IE.
Eighteen of the 31 bugs carried Microsoft's most serious label in its four-step ranking, while 11 were tagged as "important," the next-lowest level, and two were judged "moderate."
Andrew Storms, director of security operations at nCircle Network Security Inc., suggested that users first patch the IE bugs.
"IE's, by far, take the cake," Storms said. "There are eight [common vulnerabilities and exposures], and there's no doubt that it will be exploited."
Eric Schultze, chief technical officer at Shavlik Technologies LLC, added updates to Internet Information Server and Active Directory to the IE patch in his list of recommendations of what to fix first.
The IIS flaw affects some systems that have enabled Web-based Distributed Authoring and Versioning, or WebDAV, a set of HTTP extensions used to share documents over the Web.
A separate update also includes a tool that can detect a rogue antivirus program called Internet Antivirus Pro. The rogue program tries to trick users into installing password-stealing software.
© 2009 Computerworld Inc.
Microsoft
Security Directions: A Virtual Conference
Available On Demand Sept. 30 - Dec. 30
Join us for a virtual event with candid, expert information on top security challenges and issues - all from the comfort of your desktop.
Protecting PII: How to Work with IT to Manage Risk
Understand the critical nature of the test data privacy problem and get tips on how to work with IT to implement a test data privacy program.
- WagerWorks Takes Fraudsters Out of the Game Using iovation
- A Security Blueprint Delivered From within the Network
- Comparing Research In Motion and Microsoft Mobile Solutions
- The Total Economic Impact of Network Security Intrusion Prevention
- Protecting Your Intellectual Property White Paper
- Seven Technologies for Advanced Mail Protection
Get instant notifications when whitepapers, webcasts and case studies are added
to our library. Sign up for a Resource Alert now!
CSO Corporate Partners
Digital ID World
-
September 14 - 16, 2009Rio Hotel and CasinoRegister Now »
Las Vegas, Nevada
(ISC)2 members can earn up to 24 CPE Credits!
Reference priority code ONLINE and attend the full conference for the reduced rate of $995!
