Feeds

Critical IE update in biggest ever Patch Tuesday

Internet Explorer? Is that thing still around?

Top 5 reasons to deploy VMware with Tegile

Microsoft released a bumper total of 17 bulletins on Tuesday - collectively addressing a total of 40 software security vulnerabilities - as part of its largest ever Patch Tuesday update.

Only two of the patch batch earn the dread rating of critical. One critical fix (MS10-090) addresses five critical flaws in Internet Explorer, some of which have been used in anger in hacking attacks. All currently supported versions of IE will need patching.

A new CSS vulnerability in IE, reported on a full disclosure mailing list last week, remains unpatched.

The second critical fix (MS10-091) tackles a bug in font handling, which poses a code execution bug on newer versions of Windows and a lesser privilege escalation flaw on Windows XP.

The remaining patches (14 Important and one Moderate) include a fix that takes care of the last remaining unpatched vulnerability exploited by the infamous Stuxnet worm (an important privilege escalation bug involving Task Scheduler).

The December edition of Microsoft's regular Patch Tuesday update broke numerous records, according to Symantec.

Joshua Talbot, security intelligence manager, Symantec Security Response, commented: "Seventeen bulletins are the most ever issued in a single month.

"Also, Microsoft has now released 106 security bulletins in 2010 – the first time topping the century mark since the Patch Tuesday program began. The next closest was 78 in 2006 and 2008.

"Finally, by Symantec’s count Microsoft far surpassed the number of vulnerabilities patched in a single year with 261. The previous record was 170 set last year."

The Internet Storm Centre's graphical overview of the monster patch batch can be found here. Microsoft's advisory is here. ®

Top 5 reasons to deploy VMware with Tegile

More from The Register

next story
'Regin': The 'New Stuxnet' spook-grade SOFTWARE WEAPON described
'A degree of technical competence rarely seen'
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
You stupid BRICK! PCs running Avast AV can't handle Windows fixes
Fix issued, fingers pointed, forums in flames
Regin: The super-spyware the security industry has been silent about
NSA fingered as likely source of complex malware family
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
How to determine if cloud backup is right for your servers
Two key factors, technical feasibility and TCO economics, that backup and IT operations managers should consider when assessing cloud backup.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Getting ahead of the compliance curve
Learn about new services that make it easy to discover and manage certificates across the enterprise and how to get ahead of the compliance curve.