Microsoft posts 10 security fixes for Patch Tuesday
Jun. 4, 2010
For the next Patch Tuesday on June 8th, Microsoft is lining up no less than 10 major security patches covering over 34 critical vulnerabilities. Patch Tuesday is when the software giants posts on its website the latest security fixes for known software vulnarabilities in its Windows operating system. It always happens on the second Tuesday of the month, but there are times when Microsoft has been known to patch the security holes twice a month. In the case of Windows 7, patches vary between 3 to 5 times a month, since the OS is still fairly new, having been launched just on Oct. 27, 2009.
So far, three of the 10 software patches cover critical security holes, normally defined as security flaws that might allow a hacker to take full control of the targeted computer. The other seven notices fall in the lesser category of important and deal with security issues in Windows and Office.
The critical security vulnerabilities affect all supported version of Windows, including Windows XP, Windows Vista, Windows 7, Windows Server 2003, Server 2008 and Internet Explorer.
The security updates are due to cover two unpatched vulnerabilities in SharePoint (Bulletin KB983438) and an information leakage bug in Internet Explorer (Bulletin KB980088), Microsoft said.
"The June 8 release is a very large update and will keep system administrators fairly busy, even if they have migrated to Windows 7 already," explained Wolfgang Kandek, CTO of Qualys.
More details will come with the release of the patches on June 8.
Last month, Microsoft saids that it's in the process of investigating a security hole that is apparently present in older versions of its SharePoint Server software that an independent researcher says can easily expose private information, sensitive data and user authentication passwords.
The vulnerability exists due to failure in the '/layouts/help.aspx' script to properly 'clean' user-supplied input in the "cid0' variable," the Microsoft security advisory states.
"Successful exploitation of this security flaw could result in a compromise of the application, theft of cookie-based authentication credentials, disclosure or modification of sensitive data."
The XSS, or cross-site scripting vulnerability has already been confirmed in SharePoint Server 2007 and is likely also present in earlier versions of the CMS (content management system) software, a MS advisory from High-Tech Bridge warned.
High-Tech Bridge said they notified Microsoft of the security hole on April 12, but only made the report public on April 29.
So far, a Microsoft spokeswoman said yesterday that researchers are in the process of drafting a security advisory that includes mitigation and workaround details. With 17 days notice, it's unclear why Redmond's security team didn't already have that information ready to go... (!)
On April 29 as well, a separate advisory on the Future Musings blog warned of an XSS security vulnerability in the iPhone's Facebook app.
Overall, XSS bugs are by far the most common form of security vulnerability plaguing the Internet today. Webmasters and software providers often downplay them as insignificant, because the severity of many of them is rather minimal, although they are still critical.
Become an authorized reseller of Proxy Sentinel™ and Firewall Sentinel™. Do like the rest of our authorized resellers and have your clients benefit the important security features of our products and solutions, while increasing your sales at the same time. Click here for all the details.
You can link to the
Internet Security web site as
much as you like. Read our section on how your company can participate in our
reciprocal link exchange program
and increase your rankings
in the major search engines such as
Site optimized by Pagina+™
Powered by Sun Hosting
Search engine keywords by Rank for Sales
Development platform by My Web Services
Internet Security.ca is listed in
Global Business Listing