Eleven patches due from Microsoft

By SearchSecurity.com Staff 10 Oct 2008 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

Microsoft plans to release 11 patches, including four rated as critical for Internet Explorer, Active Directory, Excel and Host Integration Server.

In the Microsoft advance patch notice for October, issued Thursday, the software giant said it will release six patches rated as important for Windows and one listed as moderate for Office. Microsoft plans to issue the updates on Oct. 14.

Microsoft September updates: Microsoft plugs Media Player, graphics handling flaws: Flaws in Microsoft's Graphics Device Interface could affect multiple systems and third party applications, Microsoft said. Microsoft provides guidance on GDI flaws: Microsoft's Bill Sisk explains why five remote code execution vulnerabilities in GDI+ affect multiple systems and third-party applications.

Details were sparse, as is customary in Microsoft's advance notices, but the company said the critical updates will fix vulnerabilities that could lead to remote code execution by an attacker.

In September, Microsoft released critical updates addressing multiple client-side remote code execution flaws in its Graphics Device Interface (GDI+) that could affect multiple systems and third-party applications. Last month, Microsoft also plugged a remote code execution vulnerability in an ActiveX control in Windows Media Encoder 9.

Microsoft also said it would begin sharing vulnerability information with security vendors this month. The goal is to help the vendors develop signatures and filters prior to the release of patches on the second Tuesday of each month.

Known as the Microsoft Active Protections Program (MAPP), the new plan will be open to security companies that provide defensive technology to large customer bases. Those vendors that could gain access typically sell antivirus, intrusion detection system (IDS) and intrusion prevention system (IPS) software and appliances. Security vendors have been calling for early notification. Microsoft officials also said they've gotten to the point where they could use some help from the rest of the security community.

Tags: Security Patch Management,  Windows Security: Alerts, Updates and Best Practices,  Web Browser Security,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Security Patch Management Mozilla patches 11 Firefox security flaws, JavaScript errors Microsoft patches WebDAV security vulnerability in bevy of updates Adobe issues first quarterly patch release fixing 13 flaws Microsoft plans 10 security updates, fixing IE, Word, Excel vulnerabilities Adobe shifts to Microsoft patching process, incident response plan Software delivery could fix software patching issues Microsoft updates Office to address serious PowerPoint vulnerabilities Microsoft to patch critical PowerPoint zero-day flaw Firefox update addresses several security flaws Microsoft patches serious Excel zero-day, Windows flaws Windows Security: Alerts, Updates and Best Practices When BIOS updates become malware attacks Microsoft patches WebDAV security vulnerability in bevy of updates Microsoft plans 10 security updates, fixing IE, Word, Excel vulnerabilities Hackers targeting unpatched Microsoft DirectShow flaw Microsoft warns of IIS zero-day vulnerability Microsoft updates Office to address serious PowerPoint vulnerabilities Microsoft to patch critical PowerPoint zero-day flaw How to perform Microsoft Baseline Security Analyzer (MBSA) scans Microsoft patches serious Excel zero-day, Windows flaws Microsoft Stirling Beta 2 release includes Exchange SaaS offering Web Browser Security Security researchers develop browser-based darknet Microsoft cracks down on click fraud ring Mozilla patches 11 Firefox security flaws, JavaScript errors Microsoft patches WebDAV security vulnerability in bevy of updates IT pros can detect, prevent website vulnerabilities, thwart attacks Stolen FTP credentials likely in massive website attacks Trust eroding as social engineering attacks climb in 2009, says Kaspersky expert IT managers under pressure to weaken Web security policy US-CERT warns of Gumblar, Martuz drive-by exploits Google study backs browser silent auto update feature Web Browser Security Research

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary attack vector  (SearchSecurity.com) back door  (SearchSecurity.com) ethical worm  (SearchSecurity.com) Patch Tuesday  (SearchSecurity.com) zero-day exploit  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary