October 08, 2009

Microsoft to push 13 patches, including SMB, FTP fixes

Microsoft next week plans to distribute 13 patches, including fixes for two zero-day vulnerabilities that can be remotely exploited.

Tuesday's security update is expected to include five "important" patches and eight deemed "critical," according to an advance notification released Thursday. Among the critical bulletins are fixes for still-outstanding vulnerabilities in the Server Message Block (SMB) network protocol and the FTP service in Internet Information Services.

Workarounds have been assigned to both issues. Microsoft officials have said the company is aware of active attacks targeting the FTP flaw, though it could not confirm anything in the wild regarding the SMB bug.

However, late last month, researchers developed publicly available exploit code for the SMB vulnerability that could enable an attacker to install malware on Windows Vista and Server 2008 machines. Some experts feared the flaw could give rise to a worm like Conficker.

In total, Tuesday's security update will address a whopping 34 vulnerabilities, affecting Windows, Internet Explorer, Office, Silverlight, Forefront, Developer Tools, and SQL Server, according to the advance notification.

Related Articles
Related Topics
close

Next Article in News

More in News

Privacy-bolstering "Apps Act" introduced in House

The bill would provide consumers nationwide with similar protections already enforced by a California law.

Microsoft readies permanent fix for Internet Explorer bug used in energy attacks

Microsoft is prepping a whopper of a security update that will close 33 vulnerabilities, likely including an Internet Explorer (IE) flaw that has been used in targeted website attacks against the U.S. government.

Weakness in Adobe ColdFusion allowed court hackers access to 160K SSNs

Up to 160,000 Social Security numbers and one million driver's license numbers may have been accessed by intruders.