patch

Microsoft on Tuesday issued six security bulletins fixing 15 vulnerabilities, including a critical patch for holes in the Windows kernel and other Windows and Office components that could allow an attacker to take control of a computer.

The critical bulletin affecting the Kernel-Mode Drivers was publicly disclosed and could be used to create a Web page with malware designed to exploit the hole on systems that visit the page, Microsoft said in a blog posting.

"MS09-065, a bug in the Windows kernel, is this month's most serious issue," said Andrew Storms, director of security operations at nCircle. &… Read more

Microsoft said on Thursday it will issue six patches next week for 15 vulnerabilities, including three critical bulletins affecting Windows and two important Office-related bulletins.

Affected software includes Windows 2000, XP, Server 2003, Vista, Server 2008, Office XP, Office 2003, 2007 Microsoft Office System, Office 2004 for Mac, and Office 2008 for Mac, the company said in an advisory.

November's Patch Tuesday is a contrast to the record number of fixes issued last month--13 bulletins for 34 vulnerabilities.

Updated 2:52 p.m. PST to correct that there will be six patches fixing 15 vulnerabilities.

Tuesday was the biggest Patch Tuesday ever as Microsoft released 13 bulletins for 34 vulnerabilities. But just because Microsoft issues patches, does that mean that users should apply them? Yes, says Ben Greenbaum, senior research manager for Symantec Security.

Greenbaum said that these patches impacted many Microsoft products, including Windows 7 that isn't even out yet.

Microsoft released a record number of 13 bulletins for 34 vulnerabilities on Patch Tuesday--and the first critical update for Windows 7--as well as fixes for zero-day flaws involving Server Message Block (SMB) and Internet Information Services (IIS).

The most severe of the three SMB flaws, which were first reported last month, could allow an attacker to take control of a computer remotely by sending a specially crafted SMB packet to a computer running the Server service. Exploit code for one of the SMB holes has been posted to the Web, Microsoft said.

Windows 7 is affected by two critical patches … Read more

Microsoft on Thursday said it will provide a fix next week for zero-day flaws in Microsoft Server Message Block (SMB) and Internet Information Services (IIS) that could allow an attacker to take control of a computer.

Those are just two of the 34 vulnerabilities addressed in 13 bulletins (eight of which are critical and five of which are rated important) that will be fixed during Patch Tuesday, according to a blog post on the announcement. The bulletins affect Windows, Internet Explorer, Office, Silverlight, Forefront, Developer Tools, and SQL Server, the advisory shows.

The SMB flaw was reported a month ago. … Read more

Apple has issued an advisory regarding security enhancements included in iPhone OS 3.1 and iPod Touch OS 3.1.1.

Here is a synopsis of the 10 iPhone security vulnerabilities addressed by the latest operating-system update for the iPhone and iPod Touch. As expected, many of these security patches focus on the Web-browsing framework WebKit.

CoreAudio Changes to CoreAudio prevent maliciously crafted AAC or MP3 files from causing unexpected application termination or arbitrary code execution.

Exchange support Changes were made to prevent a person with physical access to a device from being able to use it. Previously, if the … Read more

Apple has issued an advisory regarding security enhancements included in iPhone OS 3.1 and iPod Touch OS 3.1.1.

Here is a synopsis of the 10 iPhone security vulnerabilities addressed by the latest operating-system update for the iPhone and iPod Touch. As expected, many of these security patches focus on the Web-browsing framework WebKit.… Read more

Microsoft issued a formal security advisory late Tuesday on a reported zero-day flaw in Windows Vista and Windows Server 2008. However, the software maker also said that the flaw does not affect the final version of Windows 7, contrary to earlier reports.

"Microsoft is investigating new public reports of a possible vulnerability in Microsoft Server Message Block (SMB) implementation," Microsoft said in the advisory. "We are not aware of attacks that try to use the reported vulnerabilities or of customer impact at this time."

The flaw could allow an attacker to gain control of a system, … Read more

Microsoft on Tuesday issued five critical Windows-related updates as part of its monthly Patch Tuesday release.

While the issues affect different versions of Windows differently, Microsoft said none of the issues apply to the final version of Windows 7, which Microsoft wrapped up in July.

The five bulletins address eight vulnerabilities. According to Symantec Security Response research manager Ben Greenbaum, the two vulnerabilities most likely to be used by attackers involve the way Windows handles ASF and MP3 media files. "We've seen similar exploits in the past and all a user would have to do is visit a … Read more