Record Patch Tuesday: Where to Begin

Microsoft unleashed a record number of security bulletins for a single month–14 security bulletins addressing 34 different vulnerabilities. IT admins need to understand the risks and prioritize the patches to ensure they aren’t overwhelmed by the sheer volume of the patch avalanche.
Microsoft outlined in a statement “Microsoft is providing active security protections to help customers manage and prevent threats to their computing experience through the release of 14 security bulletins. This month’s bulletin package includes eight Critical and six Important updates to address 34 vulnerabilities in Microsoft Office, Microsoft Windows, Microsoft Internet Explorer, Microsoft Silverlight, Microsoft XML Core Services and Server Message Block.”

Andrew Storms, director of security operations for nCircle, had this to say about the slew of Microsoft patches. “It’s another movies-to-malware month for Microsoft. Four of the 14 bulletins this month fix bugs in media applications. Already this year Microsoft has fixed bugs in media applications or media file formats in February, March, April and June, so this month continues an obvious and growing trend. So much of what people do on the Internet these days includes videos or music and malware writers continue to take advantage of the fact that people are less aware of malware embedded in these files.”

The Patch Tuesday security bulletins are above and beyond the out-of-band patch released last week for the Windows shortcut flaw. Microsoft was compelled to rush that fix out due to a rise in attacks exploiting the vulnerability.

Joshua Talbot, security intelligence manager for Symantec Security Response warned via e-mail that IT admins should be particularly concerned with the SMB pool overflow vulnerability (MS10-054). “Best practices dictate that file or print sharing services, such as SMB servers, should not be open to the Internet. But such services are often unprotected from neighboring systems on local networks. So, a cybercriminal could use a multi-staged attack to exploit this vulnerability.”

Talbot explained “Such an attack would likely start by compromising an employee’s machine via a drive-by download or socially engineered email, and would end by using that compromised computer to attack neighboring machines on the same local network that have the SMB service running.”

story continued at PC World

Tony Bradley / PC World

Click video to hear audio