Microsoft issued a record 17 security bulletins Tuesday, repairing a zero-day vulnerability used by the notorious Stuxnet malware and blocking attackers from targeting several critical flaws in Internet Explorer.
Organizations need to get a better handle on planning their down times for patch Tuesday because the number of patches aren't going to decrease any time soon.
manager of the vulnerability research labQualys Inc.
The software giant repaired 40 product vulnerabilities and seven critical flaws in both client-side software and server systems, affecting both Microsoft SharePoint Server and Exchange. Patching experts said the additional bulletins show that Microsoft may be making an effort to improve the time it takes to address vulnerabilities.
"Organizations need to get a better handle on planning their down times according to patch Tuesday because the number of patches aren't going to decrease any time soon," said Amol Sarwate, manager of the vulnerability research lab at Redwood Shores, Calif.-based vulnerability management vendor, Qualys Inc.
The record number of bulletins this year (108) could also be an indication that the security vendor is perfecting its processes, said Jason Miller, data and security team leader for New Brighton, Minn.-based patch management vendor Shavlik Technologies Corp. Miller said that although Microsoft has had a very difficult year -- the company has had a record number of out-of-band patches and a record number of zero-day vulnerabilities – the software giant has become more transparent with its engineering teams and patching processes than ever before.
"They've really been getting good at their approach," Miller said. "I'm hoping that other vendors look deep at what Microsoft is doing on this and try to mimic what they do."
In the latest update, Microsoft patched the fourth zero-day vulnerability used by the cybercriminals behind the Stuxnet Trojan. The sophisticated malware targeted several other vulnerabilities to gain access to Windows systems and then used one of two vulnerabilities in the Windows Task Scheduler to elevate its privilege in its quest to target Siemens supervisory control and data acquisition (SCADA) software. Microsoft has labeled the vulnerability "important" and said the attacker must have valid logon credentials and be logged on locally to exploit the flaw.
Microsoft blocked several critical vulnerabilities in Internet Explorer being used by attackers in a series of drive-by attacks. The bulletin resolves five critical issues affecting all supported versions of Internet Explorer, on both Windows clients and Windows servers. Sarwate said Microsoft has seen an increase in attacks targeting the IE vulnerabilities in recent days.
"There was a big uptick in China and Korea where these vulnerabilities were being used for exploitation," Sarwate said.
Several critical vulnerabilities in Microsoft's Windows Open Type Font driver were also repaired by the company Tuesday. Microsoft said an attacker could host an OpenType font on a network share and get a user to browse to it, automatically triggering the vulnerability in Windows Explorer, "allowing the specially crafted font to take complete control over an affected system." The security update is rated critical for the OTF driver running on Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008.
In addition, Microsoft addressed several vulnerabilities in the way Microsoft and some third party applications preload shared files in Windows. Several bulletins address media handling vulnerabilities or DLL preloading errors . The bulletins are rated important and address preloading flaws in both client and server systems. Administrators should deploy the patches, but Qualys' Sarwate said IT admins can read and apply a DLL preloading fix that addresses the preloading errors in hundreds of third-party Windows components.
Another notable security bulletin repairs seven vulnerabilities in Microsoft Office that an attacker can exploit remotely to gain access to critical system files or install malware. The vulnerabilities affect Microsoft Office Graphics Filters and can be exploited by getting a user to open a malicious image file. The vulnerability is rated "important" for Microsoft Works 9, Microsoft Office Converter Pack and Microsoft Office XP and Microsoft Office 2003.