Microsoft releases last patches of the decade

Microsoft fixes an exploitable Internet Explorer vulnerability.

red cross

Microsoft has released its last patches of 2009, with a fix securing Internet Explorer top of the list.

The Internet Explorer bulletin (MS09-072) was the only patch this month that carried a critical' severity rating with a maximum exploitability rating.

This was due to the exploit code for the Internet Explorer 6 and 7 flaw being available publicly, although it wasn't reliable.

Symantec senior research manager Ben Greenbaum said it had been a race between attackers to improve the reliability of the exploit and Microsoft to either get a patch out.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

So far, the company hadn't seen the exploit improve its consistency or any evidence of successful attacks in the wild.

Matthew Walker, regional director for UK and Ireland at Lumension, said in a statement that MS09-072 potentially had the biggest impact.

He said the patch affected all IT environments running Internet Explorer 6,7 and 8, and specifically impacted Windows 7, Vista and XP, which all required a restart.

"This, combined with updates issued by Apple for Java for OSX and Adobe for Flash Player and AIR, make this month particularly important for IT departments to shore-up patches and protect against web-borne malware threats."

There were two critical vulnerabilities affecting Windows, with one bulletin affecting Windows Server 2008 and also requiring a restart.

Walker said: "Although Microsoft's exploitability scale for this bulletin is less severe, as Windows Server 2008 is most commonly deployed in support of mission critical applications, this update has the potential to be severely disruptive to business operations."

Advertisement - Article continues below

In total, there were six security bulletins addressing 12 vulnerabilities.

Adobe also released critical security updates for Flash Player and AIR, that came very soon after a zero-day flaw was discovered on Illustrator CS3 and CS4.

"Though both of Adobe's updates are critical, the Flash Player update should be applied immediately by all users," said Greenbaum. "Flash is used so commonly that it should definitely be a high priority."

Featured Resources

What you need to know about migrating to SAP S/4HANA

Factors to assess how and when to begin migration

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

Testing for compliance just became easier

How you can use technology to ensure compliance in your organisation

Download now

Best practices for implementing security awareness training

How to develop a security awareness programme that will actually change behaviour

Download now
Advertisement

Recommended

Visit/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019
Visit/business-strategy/34599/adobe-shuts-down-service-to-venezuela
Business strategy

Adobe shuts down service to Venezuela

9 Oct 2019

Most Popular

Visit/policy-legislation/data-governance/354496/brexit-security-talks-under-threat-after-uk-accused-of
data governance

Brexit security talks under threat after UK accused of illegally copying Schengen data

10 Jan 2020
Visit/security/cyber-security/354468/if-not-passwords-then-what
cyber security

If not passwords then what?

8 Jan 2020
Visit/policy-legislation/31772/gdpr-and-brexit-how-will-one-affect-the-other
Policy & legislation

GDPR and Brexit: How will one affect the other?

9 Jan 2020
Visit/web-browser/30394/what-is-http-error-503-and-how-do-you-fix-it
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020