Microsoft's massive security fix |
Connect with TechFlash on our Facebook page for all the latest technology news headlines and commentary, plus information and access to special events, photos from events, promotions and more.
Today On Techflash
- Amazon falls on world's most valuable brand list; Microsoft at No. 5
- Amazon announces deal with Paramount Pictures
- Group plans protest at Amazon shareholder meeting
- Seattle webcomic The Oatmeal generates Tesla-Edison controversy
- Amazon shareholders met by protesters, company cuts ties with ALEC
- Microsoft Windows Phone tops Apple's iPhone in China
Mass High Tech
- Microsoft Build: Windows 8 preview a hit, but are investors unhappy?
- Build an app in a day at Mobile App Hackathon
- Beefed-up Skype for Windows; Indie author joins Amazon's 'Kindle Million Club'
- Only solution to Xbox 360 update error is new console
- Ballmer: Windows Phone update 'Mango' has over 500 new features
Microsoft's massive security fix
Microsoft today released a whopper of a security update, reportedly matching the largest on record, with 14 security bulletins -- eight considered critical, and six important -- addressing 34 vulnerabilities in Microsoft Office, Microsoft Windows, Internet Explorer, Silverlight, Microsoft XML Core Services and Server Message Block.
In other words, get ready for your Windows PC to spend quite a bit of time downloading patches if you've got Windows' Automatic Updates mechanism turned on. And if you don't, you probably should.
Here are the four updates that Microsoft is calling its top deployment priorities, along with the company's descriptions of the vulnerabilities.
MS10-052 Resolves a privately reported vulnerability in Microsoft’s MPEG Layer-3 audio codecs. The vulnerability could allow remote code execution if a user opens a specially crafted media file or receives specially crafted streaming content from a Web site. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged on user.
MS10-055 Resolves a privately reported vulnerability in the Cinepak codec that could allow remote code execution if a user opens a specially crafted media file, or receives specially crafted streaming content from a Web. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged on user.
MS10-056 Resolves four privately reported vulnerabilities in Microsoft Office. The most severe vulnerabilities could allow remote code execution if a user opens or previews a specially crafted RTF e-mail message. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Windows Vista and Windows 7 are less exploitable due to additional heap mitigation mechanisms in those operating systems.
MS10-060 Resolves two privately reported vulnerabilities, both of which could allow remote code execution, in Microsoft .NET Framework and Microsoft Silverlight.
Update: Here are two charts that Microsoft issued to help Windows users and IT administrators sort through and understand the various patches released today. Click for larger, readable versions.
If you are commenting using a Facebook account, your profile information may be displayed with your comment depending on your privacy settings. By leaving the 'Post to Facebook' box selected, your comment will be published to your Facebook profile in addition to the space below.
