Microsoft delivers big month of patches, quashes 22 bugs

From InfoWorld: Microsoft today issued 12 security updates that patched 22 bugs in Windows, IE (Internet Explorer), Office, and its Internet server software.

An analyst suspected that one of the dozen updates was released to prevent hackers from exploiting Windows 7 in the Pwn2Own contest slated to start in four weeks.

"I think this was a strategic move by Microsoft to prevent [researchers] from using the vulnerability as a mechanism to bypass ASLR," said Andrew Storms, director of security operations for nCircle Security, referring to the MS11-009 update that patched a bug in the JScript and VBScript scripting engines within Windows.

At Pwn2Own, which runs March 9-11 at the CanSecWest security conference, attackers armed with unpatched vulnerabilities and corresponding exploits will try to hack browsers running on Windows 7. To do so, they must sidestep ASLR (address space layout randomization), one of Windows 7's two anti-exploit technologies.

Three of the 12 updates were labeled "critical," Microsoft's most serious threat ranking. The remaining nine were marked "important," the second-highest rating.
