News

Microsoft Readies 8 Security Fixes for October

• By Jabulani Leffall
• 10/06/2011

Microsoft's advanced notification was released today, showing that October's Patch Tuesday security update will contain two "critical" and six "important" items covering a range of products including Microsoft .NET Windows, Internet Explorer, Forefront and Microsoft Host Integration Server.

Remote code execution dominates the risk profile for all but two of the items on the patch slate. The remaining two are denial-of-service and elevation-of-privilege considerations.

The first critical bulletin affects .NET and Silverlight.

Marcus Carey, a security researcher at Rapid7, opines that this patch, along with all critical items, needs to be examined closely.

"This bulletin looks very close to MS11-039, which was patched in August. When exploit developers look for bugs disclosed in products, they usually find similar bugs which result in the same type of vulnerabilities," he said.

As for the other, an often-patched Internet Explorer once again will be receiving a fix.

Speaking on the Internet Explorer item, Carey said attackers will continue to get users to click on links to malicious Web sites. He says to expect the attackers to continue to explore these browsers and plug-in weaknesses, which have been the bane of Microsoft's browser for some time.

Paul Henry, security and forensic analyst for Lumension, called October's predicted batch of fixes a "trick and treat" patch.

The Treat is that there are less critical items and more Windows fixes, he said. The trick is in the operational challenges of rebooting systems.

"Nearly all require a restart, which will cause widespread disruptions across both Internet-connected servers and user community desktops."

As usual, consult Microsoft Knowledge Base Article 894199 for more information.