bit-tech.net

Patch Tuesday brings 34 fixes

Microsoft's Patch Tuesday for August brings fixes for a whopping 34 security vulnerabilities.

Sysadmins take note: this coming Tuesday is going to be a bit of a nightmare, with Microsoft's monthly patch cycle fixing a whopping 34 vulnerabilities across 14 bulletins.

The high patch load was confirmed by Microsoft in an advance notification posting on its TechNet site, which lists eight of the fourteen security bulletins addressed in the patch cycle as 'Critical' - the highest rating - while the remaining six are merely 'Important.'

This monster patching session comes despite the removal of Windows XP SP2 from the company's list of supported OS versions and an out-of-band emergency patch designed to fix the shortcut flaw in the Windows shell that saw users getting infected simply by opening Windows Explorer to a location containing a maliciously-crafted file.

The vulnerabilities due to be fixed on this latest Patch Tuesday cover all supported versions of Windows - including Microsoft's latest and greatest, Windows 7 - both on desktops and servers. Earlier Windows releases - such as Windows XP SP2 - are thought to be vulnerable to attack but are no longer supported, with Microsoft advising users to upgrade to Windows XP SP3 in order to receive protection.

One of the most serious vulnerabilities - rated 'Critical' for its ability to allow an attacker to remotely execute code on the targeted machine - also affects Internet Explorer, and two more patches are designed to fix flaws in Microsoft Office. A final critical-rated patch addresses an issue in Microsoft's Silverlight plugin.

With such a selection box of patches to choose from, administrators the world over are likely to be busy on Tuesday.

Are you surprised at the sheer volume of vulnerabilities found in Microsoft's most secure version of Windows yet, or just pleased that patches to fix the flaws are forthcoming? Share your thoughts over in the forums.

13 Comments

Mr T 6th August 2010, 10:57
As long as it's MS that's found these vulnerabilities and/or fixed them before they are out in the wild, I say bring on the patches.
J05H11E 6th August 2010, 11:07
They were in the wild for a while before they were patched :/
Oggyb 6th August 2010, 11:40
Well, MS could leave vulnerabilities to fester 6 months before patching (like other companies) so this is damn good.
Bob1234 6th August 2010, 12:17
A lot of it depends on mitigating circumstances.

Exploits that aren't remotely executable or require some sort of specific user input are less significant than remote or automated ones.
kzinti1 6th August 2010, 17:45
As hackers evolve so does program security.
thehippoz 6th August 2010, 18:42
I rub it then you do it
ilikesimple 7th August 2010, 02:09
Quote:
Originally Posted by kzinti1
As hackers evolve so does program security.

As program security evolves so do Hackers
NethLyn 7th August 2010, 11:03
Let the patches keep coming, and to be honest telling XP diehards to go and get the final SP (seeing as they've now missed out on what, 80 updates unless installed separately) isn't unreasonable, is it coming up for two years old now? If you're going to use old stuff, it might as well be up to the last update MS is willing to give out.
Fizzban 7th August 2010, 12:14
I welcome the fixes but I will be making a restore point before I install them I think. I've had Windows 'fixes' bugger my computer before now. So always best to have a restore point on hand.
MitchBomcanhao 8th August 2010, 10:49
Only 2 fixes on my W7 install. The rest were normal updates. I don't understand this news: if they do patches, "oh my god, so many patches". If they don't, "oh my god, they're lazy and don't care about security, let's all use Mac and Linux".
Phil Rhodes 8th August 2010, 11:28
Yes, I'm not quite sure why this is news. Slow week, Bit-Tech?
Culinia 8th August 2010, 13:47
I am not sure why this is news also. This is basic system maintenance.
r0z|3o0n 9th August 2010, 01:37
Quote:
Originally Posted by Culinia
I am not sure why this is news also. This is basic system maintenance.

Perhaps if you look after a whole 2 home PCs with 1 user in total and a bunch of very standard software.

The significant number of patches in one patch cycle is what makes this interesting for some audiences.

Picture, if you will, testing and deploying this quantity of patches to, say, 3000 PCs spread over multiple sites, running a vast collection of horrible proprietary software that breaks about 50% of the time if an update touches the .net framework because it was made in 1996 and the vendor doesn't exist any more so getting support from them is like pushing wet sh!t uphill with a rake.

Then your 'basic system maintenance' turns into hours upon hours of work for a team of professionals who are going to get shouted at if the software breaks when they patch.