Microsoft Patch Tuesday bonanza: 13 fixes for 34 flaws

Microsoft on Tuesday pushed out 13 patches to rectify a whopping 34 security vulnerabilities as part of the software giant's monthly update.

Included are two fixes for zero-day vulnerabilities -- in the Server Message Block (SMB) version 2 and File Transfer Protocol (FTP) service in Internet Information Services (IIS).

In total, 22 of the bugs were rated "critical" (including several in the soon-to-be-released Windows 7 platform), which means they are ripe for remote code exploitation that would enable an attacker to install malware on victim machines.

The eight critical bulletins included the SMB fix, as well as patches for Windows Media Runtime, Media Player, Internet Explorer, Active Template Library (ATL), Graphics Device Interface (GDI), and .NET and Silverlight.

The fix for the FTP flaw was rated "important," as were four other patches for issues in CryptoAPI, Indexing Service, Local Security Authority Subsystem Service and the Windows kernel.

According to Symantec, this marked the largest number of vulnerabilities ever addressed by Microsoft in a single release, eclipsing the previous record of 31, established in June.

"There's a little something for everything," nCircle's Tyler Reguly said in a statement, "a mix of remote code execution, spoofing, denial-of-service and privilege escalation. Tonight is going to be a long night for researchers everywhere as they attempt to dig through this tangle of vulnerabilities and uncover useful information for their customers."

Workarounds have been assigned to both zero-day issues. Microsoft officials have said the company is aware of active attacks targeting the FTP flaw, though it could not confirm anything in the wild regarding the SMB bug.

Given the size of Tuesday's release, experts recommend that businesses evaluate risk when determining how to prioritize patch deployments.
