Microsoft releases last patches of the decade

Microsoft fixes an exploitable Internet Explorer vulnerability.

red cross

Microsoft has released its last patches of 2009, with a fix securing Internet Explorer top of the list.

The Internet Explorer bulletin (MS09-072) was the only patch this month that carried a critical' severity rating with a maximum exploitability rating.

This was due to the exploit code for the Internet Explorer 6 and 7 flaw being available publicly, although it wasn't reliable.

Advertisement - Article continues below

Symantec senior research manager Ben Greenbaum said it had been a race between attackers to improve the reliability of the exploit and Microsoft to either get a patch out.

So far, the company hadn't seen the exploit improve its consistency or any evidence of successful attacks in the wild.

Matthew Walker, regional director for UK and Ireland at Lumension, said in a statement that MS09-072 potentially had the biggest impact.

He said the patch affected all IT environments running Internet Explorer 6,7 and 8, and specifically impacted Windows 7, Vista and XP, which all required a restart.

"This, combined with updates issued by Apple for Java for OSX and Adobe for Flash Player and AIR, make this month particularly important for IT departments to shore-up patches and protect against web-borne malware threats."

There were two critical vulnerabilities affecting Windows, with one bulletin affecting Windows Server 2008 and also requiring a restart.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

Walker said: "Although Microsoft's exploitability scale for this bulletin is less severe, as Windows Server 2008 is most commonly deployed in support of mission critical applications, this update has the potential to be severely disruptive to business operations."

In total, there were six security bulletins addressing 12 vulnerabilities.

Adobe also released critical security updates for Flash Player and AIR, that came very soon after a zero-day flaw was discovered on Illustrator CS3 and CS4.

"Though both of Adobe's updates are critical, the Flash Player update should be applied immediately by all users," said Greenbaum. "Flash is used so commonly that it should definitely be a high priority."

Featured Resources

Key considerations for implementing secure telework at scale

Identifying the security risks and advanced requirements of a remote workforce

Download now

The State of Salesforce 2020

Your guide to getting the most from Salesforce

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Rethink your cybersecurity strategy for the new world

5 steps to secure the enterprise and be fit for a flexible future

Download now
Advertisement

Recommended

Andrew Daniels joins Druva as CIO and CISO
Cloud

Andrew Daniels joins Druva as CIO and CISO

22 Jul 2020
IBM teams with Adobe and Red Hat to drive personalized customer experiences
Cloud

IBM teams with Adobe and Red Hat to drive personalized customer experiences

20 Jul 2020
University of California gets fleeced by hackers for $1.14 million
ransomware

University of California gets fleeced by hackers for $1.14 million

30 Jun 2020
Australia announces $1.35 billion investment in cyber security
cyber security

Australia announces $1.35 billion investment in cyber security

30 Jun 2020

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

3 Aug 2020
How to use Chromecast without Wi-Fi
Mobile

How to use Chromecast without Wi-Fi

4 Aug 2020
UN report points to a 350% rise in phishing websites at start of 2020
phishing

UN report points to a 350% rise in phishing websites at start of 2020

7 Aug 2020