iTnews

Quiet Microsoft update fixes 11 flaws with three patches

By Dan Kaplan on Nov 11, 2010 12:26PM
Only one "critical" flaw addressed.

Microsoft has released three patches as part of its monthly security update.

The update closes 11 vulnerabilities, only one of which earned the severity rating of "critical". None of the flaws have been exploited in the wild.

In a blog post, the Microsoft Security Response Center Team encouraged customers to prioritise bulletin MS10-087, which resolves five vulnerabilities affecting Office. The patch drew a "critical" rating for Office 2007 and 2010 thanks to a flaw that could be exploited to execute remote code if a user simply views a malicious RTF (rich text format) file as part of a drive-by attack.

"Although this vulnerability is not publicly known, we are likely to see exploit attempts against [it] in the near future," Jason Miller, data and security team manager at Shavlik Technologies, said. "RTF document attachments are typically not blocked and [are] used as a common shared file format like PDF files." 

Meanwhile, MS10-088 addresses two vulnerabilities in PowerPoint that could be exploited to execute remote code if a user opens a specially crafted PowerPoint file. The bulletin, however, only garnered an "important" rating because infection requires user interaction.

Finally, MS10-089 takes care of four flaws in Unified Access Gateway, part of the Forefront enterprise security product line. The most significant of the bugs could allow for privilege escalation.

"No big shockers this month as Microsoft only releases three bulletins," said Josh Abraham, security researcher at Rapid7. "This is good news for anyone that is still behind on their patching after last month's monster Patch Tuesday."

Not fixed in this week's update was a dangerous zero-day exploit, revealed last week, affecting Internet Explorer.

Microsoft's next update is due on December 14.

See original article on scmagazineus.com

Copyright © SC Magazine, US edition