Tuesday, December 9, 2008

MS Patch Tuesday Whopper: 28 Vulnerabilities in Windows, IE, Office

Via ZDNet -

Microsoft today dropped a monster Patch Tuesday release with fixes for at least 28 vulnerabilities affecting Windows, Office, Internet Explorer, Visual Basic Active Controls and Windows Media Player.

Of the 28 flaws, 23 carry a “critical” rating, meaning they could be used to launch remote code execution attacks with minimal user action. It is the largest patch batch from Redmond since the company implemented the Patch Tuesday schedule five years ago.

Most of the bulletins address client-side flaws that could be exploited via the browser or if a user opens a booby-trapped file.

The bulletin with the most patches (MS08-072) addresses a total of 8 flaws in the ubiquitous Microsoft Office software suite. According to Microsoft, the bugs could be exploited if a user is tricked into opening a rigged Word or RTF (Rich Text Format) file.

Another major bulletin is MS08-073, which covers 4 flaws in Internet Explorer, the world’s most widely deployed browser. These could be exploited if a user simply surfs to a specially crafted page in IE, making it a perfect target for drive-by download attacks.

[...]

According to Eric Schultze, CTO of patch-management firm Shavlik Technologies, Windows users should prioritize MS08-76, as well as MS08-070 through MS08-075, and apply them as soon as possible.

“Corporations and hosting services that use SharePoint 2007 should install MS08-077 as soon as they can,” Schultze said.
