Microsoft to deliver six patches covering 15 flaws

By

20 fewer than last month.

Microsoft has revealed that it plans to distribute six patches, covering 15 vulnerabilities, as part of its November security update, scheduled for next Tuesday.

Three of the bulletins are labeled "critical", while the other half are marked "important", according to an advance notification. The three critical and one of the important patches are slated to resolve flaws in Windows, while the remaining two important bulletins will address holes in Office.

None of the bugs are present in the just-released Windows 7 operating system.

Most vulnerability experts agree that administrators should be most wary of Bulletin 3, which is rated critical across Windows 2000, XP, Vista, and Server 2008.

Based on the limited information that Microsoft provides prior to releasing the patches, HD Moore, chief security officer at Rapid 7 and creator of Metasploit Framework, predicts that the vulnerability resides on a common application programming interface, such as GDI (graphics display interface).

Andrew Storms, director of security operations at nCircle, said another interesting patch is Bulletin 1, which exclusively affects Vista and Server 2008, which is surprising considering they are considered more securely coded platforms than their predecessors.

Administrators likely will have an easier time with Tuesday's patch batch. Last month's release consisted of 13 bulletins covering a record 34 vulnerabilities, including two severe zero-days.

See original article on scmagazineus.com

Microsoft to deliver six patches covering 15 flaws
Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:

Most Read Articles

Qantas facing 'significant' data theft after cyber attack

Qantas facing 'significant' data theft after cyber attack

Home Affairs officer accessed data on "friends and associates"

Home Affairs officer accessed data on "friends and associates"

International Criminal Court hit by cyber attack

International Criminal Court hit by cyber attack

Ex-student charged over Western Sydney University cyberattacks

Ex-student charged over Western Sydney University cyberattacks

Log In

  |  Forgot your password?