- 10 June 2009 11:31
Symantec Voice of Reason: Microsoft Patch Tuesday - 10 June 2009
This month, Microsoft issued 10 security bulletins and two security advisories. The 10 bulletins address a total of 31 vulnerabilities, 17 of which are rated as critical. This is the largest number of vulnerabilities addressed in a single release by Microsoft; the previous record being 28 last December.
“Of the patches issued this month, the most significant appear to be several that affect Internet Explorer, as the Web continues to be a preferred method of exploit by cybercriminals,” said Ben Greenbaum, senior research manager, Symantec Security Response. “The four Internet Explorer fixes that address HTML object memory corruption vulnerabilities—the first ever patch for Internet Explorer 8 being among these—are of particular interest. These weaknesses actually appear to be quite simple to exploit and we have observed malicious code being offered in malware toolkits that have taken advantage of very similar vulnerabilities.”
“It should also be noted that exploits for the vulnerability Microsoft addressed this month in Internet Information Services have previously been made publicly available.” Greenbaum added.
A video of Symantec Security Response’s John Harrison discussing the vulnerabilities addressed this month can be viewed here: http://www.youtube.com/watch?v=-X51L07fk48. Please feel free to post this video.
Symantec strongly encourages users to patch their system against these vulnerabilities. In addition, enterprises are encouraged to consider implementing an automated patch management solution to help mitigate risk.
Please visit the Symantec Security Response Weblog for more information and let me know if you are interested in speaking with a Symantec expert about any of these security vulnerabilities.
The Symantec Security Response blog can be viewed here: http://www.symantec.com/enterprise/security_response/weblog/
Additional information on Microsoft’s security bulletins can be found here: http://www.microsoft.com/technet/security/bulletin/ms09-jun.mspx
+61 2 9954 3492
+61 2 8220 7158
Sign up now »
Cloud and Co-Location Solutions
iAsset is a channel management ecosystem that automates all major aspects of the entire sales,marketing and service process, including data tracking, integrated learning, knowledge management and product lifecycle management.
- Statistics reaffirm breach threat, but executive inaction still impeding security: Black Swan
- Google asks to make surveillance orders public, citing First Amendment
- Expanded '2-person rule' could help plug NSA leaks
- Think like an attacker -- not a consultant
- SMBs having problems with backup, recovery: study
- Google Analytics advocate touts plans to own the Universal customer view
- ADMA criticises government plans for compulsory data breach notification
- The innovative and social CMO: CommBank's Andy Lark
- 5 social media deals that make Waze and Tumblr seem like steals
- Omnicom Media Group to deploy Salesforce Marketing Cloud worldwide