Microsoft, during their latest Patch Tuesday, has plugged 34 security holes while updating 14 security bulletins.
Four of the most critical bulletins were rated "highest priority" for enterprises.
14 bulletins is the highest amount of security bulletins ever released by the software giant during a Patch Tuesday, and a full eight were rated critical.
The four aforementioned "highest priority" bulletins are (via EW): MS10-052, which resolves a vulnerability in Microsoft's MPEG Layer-3 audio codecs; MS10-055, which addresses a vulnerability in the Cinepak Codec used by Windows Media Player to support the AVI audiovisual format; MS10-056, which deals with four vulnerabilities in Microsoft Office; and MS10-060, which resolves two vulnerabilities in Microsoft .NET Framework and Microsoft Silverlight.
Joshua Talbot, a security intelligence manager of Symantec Security Response pinpointed one of the none critical bulletins as being potentially very dangerous as well. That bulletin is MS10-054: "The SMB [protocol] pool overflow vulnerability [covered in MS10-054] should be a real concern for enterprises. Not only does it give an attacker system-level access to a compromised SMB server, but the vulnerability occurs before authentication is required from computers contacting the server. This means any system allowing remote access and not protected by a firewall is at risk.
"Best practices dictate that file or print sharing services, such as SMB servers, should not be open to the Internet. But such services are often unprotected from neighboring systems on local networks. So, a cyber-criminal could use a multistaged attack to exploit this vulnerability … [and] this issue affects more than just file servers using the SMB service. Workstations that have enabled file and print sharing are also at risk."
All of the other bulletins were rated "Important."
14 bulletins is the highest amount of security bulletins ever released by the software giant during a Patch Tuesday, and a full eight were rated critical.
The four aforementioned "highest priority" bulletins are (via EW): MS10-052, which resolves a vulnerability in Microsoft's MPEG Layer-3 audio codecs; MS10-055, which addresses a vulnerability in the Cinepak Codec used by Windows Media Player to support the AVI audiovisual format; MS10-056, which deals with four vulnerabilities in Microsoft Office; and MS10-060, which resolves two vulnerabilities in Microsoft .NET Framework and Microsoft Silverlight.
Joshua Talbot, a security intelligence manager of Symantec Security Response pinpointed one of the none critical bulletins as being potentially very dangerous as well. That bulletin is MS10-054: "The SMB [protocol] pool overflow vulnerability [covered in MS10-054] should be a real concern for enterprises. Not only does it give an attacker system-level access to a compromised SMB server, but the vulnerability occurs before authentication is required from computers contacting the server. This means any system allowing remote access and not protected by a firewall is at risk.
"Best practices dictate that file or print sharing services, such as SMB servers, should not be open to the Internet. But such services are often unprotected from neighboring systems on local networks. So, a cyber-criminal could use a multistaged attack to exploit this vulnerability … [and] this issue affects more than just file servers using the SMB service. Workstations that have enabled file and print sharing are also at risk."
All of the other bulletins were rated "Important."
