Hefty Patch Tuesday bulletin rounds off bumper year

Posted by   Virus Bulletin on   Dec 15, 2010

No sign of an end to vulnerability glut.

Microsoft released its monthly Patch Tuesday security bulletin yesterday, with details of a hefty 17 alerts covering 40 separate vulnerabilities. Although only two of this month's haul were marked as 'Critical', many others could be used to launch malicious attacks on vulnerable systems.

The Critical alerts included the standard batch of fixes for the Internet Explorer browser, and problems with the Open Type Font driver. Among those labelled 'Important' were issues with Windows kernel-mode drivers, address book, task scheduler, netlogon service, media encoder and Windows itself, as well as several other Microsoft packages including SharePoint, Publisher and Exchange Server, this last being the only 'Moderate' problem on the list.

As always, users are advised to apply patches as soon as they have time to do so. This large batch of patches takes the total for a single year to more than 100 for the first time, according to a Symantec commentator speaking to The Register (here). The full bulletin can be found here.

Posted on 15 December 2010 by Virus Bulletin

twitter.png
fb.png
linkedin.png
hackernews.png
reddit.png

 

Latest posts:

VBSpam tests to be executed under the AMTSO framework

VB is excited to announce that, starting from the Q3 test, all VBSpam tests of email security products will be executed under the AMTSO framework.

In memoriam: Prof. Ross Anderson

We were very sorry to learn of the passing of Professor Ross Anderson a few days ago.

In memoriam: Dr Alan Solomon

We were very sorry to learn of the passing of industry pioneer Dr Alan Solomon earlier this week.

New paper: Nexus Android banking botnet – compromising C&C panels and dissecting mobile AppInjects

In a new paper, researchers Aditya K Sood and Rohit Bansal provide details of a security vulnerability in the Nexus Android botnet C&C panel that was exploited in order to gather threat intelligence, and present a model of mobile AppInjects.

New paper: Collector-stealer: a Russian origin credential and information extractor

In a new paper, F5 researchers Aditya K Sood and Rohit Chaturvedi present a 360 analysis of Collector-stealer, a Russian-origin credential and information extractor.

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.