Does Microsoft Windows suck? Um, why do you ask?
Microsoft drops record 14 bulletins in largest-ever Patch Tuesday
It’s a very busy Patch Tuesday for Windows users: 14 bulletins covering 34 serious security vulnerabilities in Internet Explorer, Microsoft Windows, Microsoft Office, Silverlight, Microsoft XML Core Services and Server Message Block.
As previously reported, eight of the bulletins are rated “critical” because of the risk of remote code execution attacks. The other six are rated “important.”
The company also released a security advisory to warn of a new elevation of privilege issue in the Windows Service Isolation feature.
Windows users are urged to pay special attention to these four bulletins:
MS10-052 resolves a privately reported vulnerability in Microsoft’s MPEG Layer-3 audio codecs. The vulnerability could allow remote code execution if a user opens a specially crafted media file or receives specially crafted streaming content from a Web site. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged on user.
MS10-055 resolves a privately reported vulnerability in the Cinepak codec that could allow remote code execution if a user opens a specially crafted media file, or receives specially crafted streaming content from a Web. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged on user.
MS10-056 resolves four privately reported vulnerabilities in Microsoft Office. The most severe vulnerabilities could allow remote code execution if a user opens or previews a specially crafted RTF e-mail message. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Windows Vista and Windows 7 are less exploitable due to additional heap mitigation mechanisms in those operating systems.
MS10-060 resolves two privately reported vulnerabilities, both of which could allow remote code execution, in Microsoft .NET Framework and Microsoft Silverlight.
As Computerworld’s Gregg Keizer points out, the August update was the biggest ever by number of security bulletins, and equaled the single-month record for individual patches.
See also:
Microsoft Security Bulletin Summary for August 2010
MS10-052
MS10-055
MS10-056
MS10-060
Windows Update Home
Record Patch Tuesday yields critical Windows, IE fixes
Record Patch Tuesday: Where to Begin
It’s Microsoft Patch Tuesday: August 2010
Microsoft: Big Patch Tuesday for IT Administrators
Microsoft releases record number of security patches
Microsoft issues patches for a record 35 fresh security holes
Microsoft Issues Biggest Security Patch Yet
What the hell is Bill Gates selling anyway, a computer operating system or Swiss cheese?
/you’d better get busy downloading, this one takes a while, sucks if you have dial up
Filed under: Blog Entry | Tagged: Bill Gates, Cinepak Codec, Codec, Computerworld’, Critical, Gregg Keizer, Important, Internet Explorer, Media File, Microsoft, Microsoft .NET Framework, Microsoft Office, Microsoft Windows, Microsoft XML Core Services, Mitigation Mechanisms, MPEG Layer-3 Audio Codecs, MS10-052, MS10-055, MS10-056, MS10-060, Operating Systems, Patch Tuesday, Patchapalooza, Patches, Privilege Issue, Remote Code Execution, Remote Code Execution Attacks, RTF E-Mail Message, Security Advisory, Security Bulletins, Server Message Block, Silverlight, Streaming Content, User Rights, Vulnerabilities, Vulnerability, Windows, Windows 7, Windows Service Isolation Feature, Windows Vista | 1 Comment »
Eat It Or Wear It 