Five bulletins planned for post-ANI fix Patch Tuesday

On the heels of Tuesday's early fix for the ANI flaw and other Graphics Device Interface vulnerabilities, Microsoft announced today that it will distribute five security bulletins next Tuesday.

The highest severity rating for any of these flaws is "critical," according to Microsoft.

Four of the fixes will affect Windows, while the other will patch Microsoft Content Manager Server.

Microsoft will also release six non-security high priority updates as part of its regularly scheduled Patch Tuesday distribution.

Security researchers haven’t rested much since late last month when attacks on the Windows ANI flaw began.

Despite Tuesday’s early distribution, exploits continued to attack unpatched PCs this week, using pictures of Britney Spears and other lures as malware bait.

A number of sites containing iFrames, which permit the embedding of HTML documents inside a main document, are contributing to the spread of exploits, according to researchers.

The SANS Internet Storm Center and other research organizations have also reported problems with the Realtek HD Audio Control Panel after installation of the early patch.

Alexander Sotirov, researcher at Determina, the firm that first reported the flaw to Microsoft last year, said this week that Windows PCs with Firefox are also vulnerable to the flaw.

In the wake of the early release, a number of security researchers questioned whether Microsoft should change its patch release process.

Click here to email Frank Washkuch Jr.
