Record-Breaking Patch Tuesday Announced by NewsFactor: Yahoo! Tech
Record-Breaking Patch Tuesday Announced
In a record-breaking Patch Tuesday, Microsoft issued 10 security bulletins and two security advisories this month.
The bulletins address a total of 31 vulnerabilities, 17 of which are rated as critical. The previous record was 28 last December. Analysts said enterprises need all hands on deck to get systems patched as quickly as possible.
Of the patches issued this month, the most significant appear to be several that affect Internet Explorer, as the Web continues to be a preferred method of exploit by cybercriminals, according to Ben Greenbaum, senior research manager at Symantec Security Response.
"The four Internet Explorer fixes that address HTML object memory corruption vulnerabilities-the first ever patch for Internet Explorer 8 being among these-are of particular interest," Greenbaum said. "These weaknesses actually appear to be quite simple to exploit and we have observed malicious code being offered in malware toolkits that have taken advantage of very similar vulnerabilities."
Is Microsoft Splitting Hairs?
As someone who's always interested in remote code execution, the MS09-018 bulletin is the most interesting to Tyler Reguly, a senior security engineer at nCircle. He also offered a "notable mention" MS09-022, which fixes the Windows Print Spooler vuln, because malicious servers that exploit the client are always technically interesting.
"I think it's important to call out the hair splitting that Microsoft seems to be doing these days around the term 'elevation of privilege.' MS09-020 allows access to pages requiring authentication when a 'specially crafted anonymous HTTP request' is sent," Reguly said. "Anonymous doesn't sound like 'elevation of privilege' to me, but Microsoft cites the fact that special permissions must be given to the anonymous user as justification."
Reguly also pointed out that June saw only six out of the 31 vulnerabilities related to listening services. He called this a trend that deserves special attention. If you add in MS09-for interaction with a remote service, you end up with 24 out of 31 CVEs related to local vulnerabilities, he said.
"Many, including Microsoft, will consider these to be the most critical," he said, "yet most of these issues would be far less critical if every computer was operated using the principle of least privilege."
Beware of Gumblar
According to Don Leatham, senior director of Solutions and Strategy, Lumension, MS09-019 is the most important patch in June. It addresses seven separate vulnerabilities across Internet Explorer 6 and 7 for both XP and Vista. That means that almost all Windows users will soon be vulnerable while browsing the Web.
Like nCircle's Reguly, Leatham also called out MS09-018 as a vulnerability that IT admins should prioritize because it addresses a "critical" remote code execution for Windows Server 2000 and "important" denial of service vulnerabilities on more recent Microsoft server platforms.
"IT professionals should also be aware of the recent threat known as Gumblar. The recent increase in the wave of hacking toolkits used to infect Web sites with drive-by malware yet again shows the need to patch wide and patch fast," Leatham said.
"June's Patch Tuesday, while being disruptive to the enterprise, perhaps also shows a positive trend, building evidence that Microsoft's security-focused coding practices have improved the current code base, with a majority of this month's patches being rated critical only on legacy platforms and applications -- the Internet Explorer patch being the main exception this month."