Microsoft to deliver six patches covering 15 flaws

By

20 fewer than last month.

Microsoft has revealed that it plans to distribute six patches, covering 15 vulnerabilities, as part of its November security update, scheduled for next Tuesday.

Three of the bulletins are labeled "critical", while the other half are marked "important", according to an advance notification. The three critical and one of the important patches are slated to resolve flaws in Windows, while the remaining two important bulletins will address holes in Office.

None of the bugs are present in the just-released Windows 7 operating system.

Most vulnerability experts agree that administrators should be most wary of Bulletin 3, which is rated critical across Windows 2000, XP, Vista, and Server 2008.

Based on the limited information that Microsoft provides prior to releasing the patches, HD Moore, chief security officer at Rapid 7 and creator of Metasploit Framework, predicts that the vulnerability resides on a common application programming interface, such as GDI (graphics display interface).

Andrew Storms, director of security operations at nCircle, said another interesting patch is Bulletin 1, which exclusively affects Vista and Server 2008, which is surprising considering they are considered more securely coded platforms than their predecessors.

Administrators likely will have an easier time with Tuesday's patch batch. Last month's release consisted of 13 bulletins covering a record 34 vulnerabilities, including two severe zero-days.

See original article on scmagazineus.com

Microsoft to deliver six patches covering 15 flaws
Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers

Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies

Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames

Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound

Log In

  |  Forgot your password?