By | No CommentsLeave a Comment
Last updated: Wednesday, April 15, 2009

Microsoft on Tuesday issued eight security updates to fix 23 security holes in its software, 10 of which are rated critical. Attackers have already used six vulnerabilities and four have a proof of concept or attack plan published. This marks the largest release of security patches since October 2008 and addresses issues in Windows, Internet Explorer, DirectX, Excel, Word and in the company’s security software. One of the four critical vulnerabilities that address issues with Internet Explorer is of particular concern, according to Ben Greenbaum, senior research manager for Symantec Security Response. “Vulnerability CVE-2009-0554 appears to be the easiest of the bunch to take advantage of by an attacker and also happens to be the one that requires the least amount of involvement by a user to exploit. An attacker can simply lure a victim into viewing a Web page that contains malicious content and that individual’s computer can then be taken over,” Greenbaum said. “This collection of Internet Explorer patches released today is a positive step, since the Web has become the primary conduit for attacks against end users. Many browser vulnerabilities, such as these announced by Microsoft, allow attackers to gain complete control over everything a user has permission to do on an exploited machine. You can imagine how dangerous this can be, especially if the user has administrator rights.” The Conficker Effect April’s monster Patch Tuesday release patches three of the four publicly known Microsoft security bulletins. The only remaining open bulletin from Microsoft at this point is PowerPoint, which just became public on April 2. “With all the recent media focus on Conficker, consumers are wondering if any of these new bugs could be used for the next Conficker-like worm. As it stands, April’s bugs are probably not a gateway to the new Conficker worm,” said Andrew Storms, director of security…

Read the rest here:
Attackers Focused on 10 of 23 Patch Tuesday Holes

Bookmark or share:
  • Google
  • Digg
  • del.icio.us
  • Technorati
  • Slashdot
  • StumbleUpon
  • Facebook
  • TwitThis
  • MySpace
  • Propeller
You may also like...
Apple and Adobe Patches Correct Security Holes
Patch Tuesday is a Microsoft institution, but competing software companies are stealing some of the attention this week with security issues of their own. On
Microsoft Warns of Serious Computer Security Hole
Microsoft Corp. has taken the rare step of warning about a serious computer security vulnerability it hasn't fixed yet. The vulnerability disclosed Monday affects Internet
Patch Management Turns Critical
First detected last October, the Conficker worm has since infected over eight million computers worldwide. Derek Brown, security researcher at TippingPoint DVLabs, talks about the
Microsoft just can’t seem to patch Samsung Windows Phone 7 phones
When you’re a software company issuing a patch, the last thing you want is for the patching process to go wrong. Patches are meant
Out-of-Date Software Can Make Computers Vulnerable
F-Secure, a provider of security as a service through Internet Service Providers, announced data that indicates that what is making computers most vulnerable to exploits
Gadgets and Accessories
Comments
There are no comments just yet, why not be the first?
Leave a Comment

*
To prove you're a person (not a spam script), type the security word shown in the picture.
Anti-spam image

Comments with links to other websites might be deleted. Links will be automatically removed from comments anyhow, do not waste your time adding any kind of links in your comment.
Add your picture!
Join Gravatar and upload your avatar. C'mon, it's free!