Microsoft releases biggest-ever security update

From InfoWorld: Microsoft released its largest-ever set of security patches Tuesday, fixing a total of 49 bugs in products such as Windows, Internet Explorer, and Office.

There are 16 groups of patches (called updates) in total. Microsoft says that two of them -- the Internet Explorer fix numbered MS10-071 and a Windows patch numbered MS10-076 -- should get top priority. Microsoft thinks attack code is likely to be developed that will target bugs fixed by both of those updates.

NCircle Director of Security Operations Andrew Storms agrees that those two updates should be a top priority as they could be leveraged in a drive-by Internet attack. In this common type of attack, a hacker tricks the victim into visiting a Web page that takes advantage of the bug to install a malicious program on the victim's machine.

The MS10-71 update fixes 10 Internet Explorer bugs. Two are rated critical, meaning they could be used in a drive-by. The MS10-076 update fixes a single critical flaw in the Windows Embedded OpenType (EOT) Font Engine, used by Internet Explorer. The latest versions of Windows include a security technology called ASLR (address space layout randomization) which makes it harder to exploit that type of bug, Microsoft believes attackers are likely to develop attacks for older versions of the operating system such as Windows XP.

View: Article @ Source Site