New Windows Security Update Patches Critical Flaws
By Gina on February 12, 2010 | Vulnerabilities, Microsoft, Windows, security, update, patches, Miller, PowerPoint
Microsoft delivered huge Windows security update. This is one of companies records, which includes one more security updates, shipping 13 of them in February's Patch Tuesday.
New massive update is compacted of 13 separate security bulletins that patched 26 vulnerabilities. It also gives attackers different ways to compromise machines and hijack PCs. Microsoft stated, that 12 of the 26 vulnerabilities, or 46% of the total, were tagged with a „1“ in the company's exploitability index.
Jason Avery, manager of Tipping Point's Digital Vaccine group said: “The vulnerabilities in MS10-006 and MS10-012 will probably be exploited in just a few days. I think exploits for the PowerPoint vulnerabilities [in MS10-004 ] will also be disclosed within a few days, based on the information we have from ZDI and what we've heard through MAPP. “
Microsoft also has got an information reported by one of the biggest bug bounty programs in USA - Zero Day Initiative (ZDI) – that there are two of the six PowerPoint flaws. The PowerPoint update is released by Jason Miller, security and data team manager of patch management vendor Shavlik Technologies. He claimed: „PowerPoint Viewer 2003 is affected, but Microsoft's not patching it.“
„Microsoft's finally putting its foot down and saying that [Viewer 2003] is past its lifecycle, and that everyone should upgrade to PowerPoint Viewer 2007. But if word doesn't get out, users running the older version of the utility can be attacked at will, something attackers will surely use,“ Miller added.
More Vulnerabilities news
Shocking: 9 out of 10 websites still vulnerable to old attacks
Did you know that less than 10% of websites are safe from attacks that have struck the internet in 2009? Back then there was a breakout of Man-in-the-middle (MITH) attacks that included an injection of a malicious code in to the browser but even after 3 years these problems are very sensitive. SSL Pulse reportIt seems that companies live in a bubble as far as IT safety is concerned. A project called SSL Pulse that is monitoring 200. Read more.- Mozilla's decision: Firefox is blocked from running unpatched Java plugins
- Facebook still is a wonderland for cybercriminals
- Microsoft talks about dangerous flaw in a Windows
- 17 high-risk flaws are fixed in Chrome; Google pays $47,500 in bug bounties
- Google bypassed Safari's No Tracking settings
- Research reveals – 4/5 of security threats come from third-party software
- Google Wallet hack revealed
- Denial-of-service flaw is fixed by Oracle
- Firefox 9.0 and four critical flaws fixed
- Major flaw of Adobe Reader and Acrobat 9.x is patched
