Wednesday, August 12, 2009

Patch Tuesday: August, 2009: 4 workstation holes and a little something for everyone else

There’s plenty to keep us busy this month. Most of the vulnerabilities have Microsoft’s exploitability index of 1 meaning they expect consistent exploit code likely in the next 30 days. Half are workstation vulnerabilities. There’s one denial of service vulnerability for IIS web servers. One vulnerabilities affecting your WINS servers and then 3 that could impact workstation but would mostly be found on servers.

Click on the above Patch chart for enlarged view.

Source: Ultimate windows Security                                                 



Microsoft fixes Office Web Components vulnerability, kill-bit bypass

Microsoft repaired critical Office Web Components vulnerabilities being actively exploited in the wild since they were first acknowledged by the software giant last month. 

Microsoft also released an additional critical update to repair ActiveX vulnerabilities in its Active Template Library. The errors enable an attacker to bypass kill-bits, a feature commonly deployed by Microsoft to block attackers from exploiting complex interoperability vulnerabilities without addressing the underlying flaw. 

In all, Microsoft issued nine security updates Tuesday, including six rated critical, affecting Windows and Office Web Components.