Microsoft releases last patches of the decade

Microsoft fixes an exploitable Internet Explorer vulnerability.

red cross

Microsoft has released its last patches of 2009, with a fix securing Internet Explorer top of the list.

The Internet Explorer bulletin (MS09-072) was the only patch this month that carried a critical' severity rating with a maximum exploitability rating.

This was due to the exploit code for the Internet Explorer 6 and 7 flaw being available publicly, although it wasn't reliable.

Symantec senior research manager Ben Greenbaum said it had been a race between attackers to improve the reliability of the exploit and Microsoft to either get a patch out.

So far, the company hadn't seen the exploit improve its consistency or any evidence of successful attacks in the wild.

Matthew Walker, regional director for UK and Ireland at Lumension, said in a statement that MS09-072 potentially had the biggest impact.

He said the patch affected all IT environments running Internet Explorer 6,7 and 8, and specifically impacted Windows 7, Vista and XP, which all required a restart.

"This, combined with updates issued by Apple for Java for OSX and Adobe for Flash Player and AIR, make this month particularly important for IT departments to shore-up patches and protect against web-borne malware threats."

There were two critical vulnerabilities affecting Windows, with one bulletin affecting Windows Server 2008 and also requiring a restart.

Walker said: "Although Microsoft's exploitability scale for this bulletin is less severe, as Windows Server 2008 is most commonly deployed in support of mission critical applications, this update has the potential to be severely disruptive to business operations."

In total, there were six security bulletins addressing 12 vulnerabilities.

Adobe also released critical security updates for Flash Player and AIR, that came very soon after a zero-day flaw was discovered on Illustrator CS3 and CS4.

"Though both of Adobe's updates are critical, the Flash Player update should be applied immediately by all users," said Greenbaum. "Flash is used so commonly that it should definitely be a high priority."

Featured Resources

Unlocking collaboration: Making software work better together

How to improve collaboration and agility with the right tech

Download now

Four steps to field service excellence

How to thrive in the experience economy

Download now

Six things a developer should know about Postgres

Why enterprises are choosing PostgreSQL

Download now

The path to CX excellence for B2B services

The four stages to thrive in the experience economy

Download now

Recommended

Mastering endpoint security implementation
Security

Mastering endpoint security implementation

16 Apr 2021
US, UK say Russia was behind SolarWinds hack
cyber attacks

US, UK say Russia was behind SolarWinds hack

16 Apr 2021
1Password targets enterprise customers with Secrets Automation
IT infrastructure

1Password targets enterprise customers with Secrets Automation

14 Apr 2021
PowerShell threats increased over 200% last year
cyber security

PowerShell threats increased over 200% last year

14 Apr 2021

Most Popular

University of Hertfordshire's entire IT system offline after cyber attack
cyber attacks

University of Hertfordshire's entire IT system offline after cyber attack

15 Apr 2021
Microsoft is submerging servers in boiling liquid to prevent Teams outages
data centres

Microsoft is submerging servers in boiling liquid to prevent Teams outages

7 Apr 2021
How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

8 Apr 2021