Home > Security News > Eleven patches due from Microsoft
Security News:
EMAIL THIS

Eleven patches due from Microsoft

By SearchSecurity.com Staff
10 Oct 2008 | SearchSecurity.com

Security Wire Daily News
Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google

Microsoft plans to release 11 patches, including four rated as critical for Internet Explorer, Active Directory, Excel and Host Integration Server.

In the Microsoft advance patch notice for October, issued Thursday, the software giant said it will release six patches rated as important for Windows and one listed as moderate for Office. Microsoft plans to issue the updates on Oct. 14.
Microsoft September updates:
Microsoft plugs Media Player, graphics handling flaws: Flaws in Microsoft's Graphics Device Interface could affect multiple systems and third party applications, Microsoft said.

Microsoft provides guidance on GDI flaws: Microsoft's Bill Sisk explains why five remote code execution vulnerabilities in GDI+ affect multiple systems and third-party applications.

Details were sparse, as is customary in Microsoft's advance notices, but the company said the critical updates will fix vulnerabilities that could lead to remote code execution by an attacker.

In September, Microsoft released critical updates addressing multiple client-side remote code execution flaws in its Graphics Device Interface (GDI+) that could affect multiple systems and third-party applications. Last month, Microsoft also plugged a remote code execution vulnerability in an ActiveX control in Windows Media Encoder 9.

Microsoft also said it would begin sharing vulnerability information with security vendors this month. The goal is to help the vendors develop signatures and filters prior to the release of patches on the second Tuesday of each month.

Known as the Microsoft Active Protections Program (MAPP), the new plan will be open to security companies that provide defensive technology to large customer bases. Those vendors that could gain access typically sell antivirus, intrusion detection system (IDS) and intrusion prevention system (IPS) software and appliances. Security vendors have been calling for early notification. Microsoft officials also said they've gotten to the point where they could use some help from the rest of the security community.

Tags: Security Patch ManagementWindows Security: Alerts, Updates and Best PracticesWeb Browser SecurityVIEW ALL TAGS

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google



RELATED CONTENT
Security Patch Management
Squad: Tokenization, Phishing and the Feds
Should management processes change based on a patch release schedule?
Should Windows Mobile updates come from Microsoft?
Adobe updates ColdFusion, JRun, Flex
Trusteer CEO criticizes Adobe, touts better patch deployments
Patch management study shows IT taking significant risks
Vulnerability mitigation study shows need for faster patching
Microsoft to issue security report card, new tool at Black Hat
How to manage patches for Adobe
When is it suitable to remove Java updates?

Windows Security: Alerts, Updates and Best Practices
Windows 7 DoS flaw allows hackers to freeze Microsoft's newest OS
Microsoft patches serious Windows kernel flaws
Microsoft to address flaws in Windows, Office for Mac
Microsoft fixes security update that breaks Internet Explorer
What is the best database patch management process?
Microsoft addresses critical SMBv2 flaw, fixes record number of flaws
Microsoft to address SMB zero-day, IIS FTP Service vulnerabilities
Microsoft releases temporary fix for SMB2 zero-day vulnerability
Microsoft issues SMB vulnerability advisory, patch pending
Attackers target Microsoft IIS; new SMB flaw discovered

Web Browser Security
InZero Systems launches hardware-based security gateway
Web security firm ranks Firefox, Safari browsers as flaw prone
Microsoft fixes security update that breaks Internet Explorer
Mozilla update repairs Firefox buffer overflow vulnerabilities
Kaspersky system analyzes malicious URLs on Twitter for malware
Silon malware intercepts Internet Explorer sessions, steals credentials
Do Facebook URL security concerns justify blocking social networks?
Phishing attacks to remain a major problem, say security experts
Adrian Perrig: Improve SSL/TLS Security Through Education and Technology
New Bahama botnet evades search engines, fuels click fraud
Web Browser Security Research

RELATED GLOSSARY TERMS
Terms from Whatis.com − the technology online dictionary
attack vector  (SearchSecurity.com)
back door  (SearchSecurity.com)
ethical worm  (SearchSecurity.com)
Patch Tuesday  (SearchSecurity.com)
zero-day exploit  (SearchSecurity.com)

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary



More Tips to Secure Your Network
TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2003 - 2009, TechTarget | Read our Privacy Policy
  TechTarget - The IT Media ROI Experts