Microsoft releases last patches of the decade
By Asavin Wattanajantra,
Microsoft has released its last patches of 2009, with a fix securing Internet Explorer top of the list.
The Internet Explorer bulletin (MS09-072) was the only patch this month that carried a ‘critical’ severity rating with a maximum exploitability rating.
This was due to the exploit code for the Internet Explorer 6 and 7 flaw being available publicly, although it wasn’t reliable.
Symantec senior research manager Ben Greenbaum said it had been a race between attackers to improve the reliability of the exploit and Microsoft to either get a patch out.
So far, the company hadn’t seen the exploit improve its consistency or any evidence of successful attacks in the wild.
Matthew Walker, regional director for UK and Ireland at Lumension, said in a statement that MS09-072 potentially had the biggest impact.
He said the patch affected all IT environments running Internet Explorer 6,7 and 8, and specifically impacted Windows 7, Vista and XP, which all required a restart.
“This, combined with updates issued by Apple for Java for OSX and Adobe for Flash Player and AIR, make this month particularly important for IT departments to shore-up patches and protect against web-borne malware threats.”
There were two critical vulnerabilities affecting Windows, with one bulletin affecting Windows Server 2008 and also requiring a restart.
Walker said: “Although Microsoft’s exploitability scale for this bulletin is less severe, as Windows Server 2008 is most commonly deployed in support of mission critical applications, this update has the potential to be severely disruptive to business operations.”
In total, there were six security bulletins addressing 12 vulnerabilities.
Adobe also released critical security updates for Flash Player and AIR, that came very soon after a zero-day flaw was discovered on Illustrator CS3 and CS4.
“Though both of Adobe’s updates are critical, the Flash Player update should be applied immediately by all users,” said Greenbaum. “Flash is used so commonly that it should definitely be a high priority.”
You may also like...
Sponsored Links
advertisement
You may also like...
Latest Security Analysis & Insight
Do British police get cyber security?
Davey Winder listens to telephone conversations between the FBI and the Metropolitan Police, courtesy of Anonymous, and isn't impressed.
- Who to trust after the VeriSign hack?
- Striving to solve the security skills crisis
- Would you employ a hacker or malware writer?
- Q&A: Raj Samani, CTO McAfee
- Erase and rewind: the EU and privacy
- My email address is [CENSORED]
- Is there such a thing as a secure tablet?
- 2011: The year in news
- BYOD: Old or new, good or bad?
Latest Security Reviews
Check Point 2210 Appliance review
Rating: 
advertisement
Most popular
- Ubuntu vs. Windows 7 on the business desktop
- York researchers heat storage to speed up data
- BlackBerry Bold 9790 review
- OneNote hits Google?s Android
- O2 trials Olympic-scale remote working
- Will someone rid me of these troublesome Macs?
- Lenovo beats expectations again
- Who to trust after the VeriSign hack?
- Google to promise fairness after Motorola buy
- Report: Google cloud storage coming soon
Latest News Videos in Security
IT PRO Podcast: Are UK data protection laws flawed?
PlayWe bring in two experts to talk about the problems with UK data protection law and the way it is managed.
Register for IT PRO
You'll get exclusive member benefits including free whitepapers, downloads, Webinars and weekly newsletters full of the latest IT PRO news, reviews, insight and expertise.
