Windows Security Update Ties All Time Record for Fixes

Microsoft has released security updates for 34 different problems, a monthly total that has only been matched once. Three sets of problems are ranked as critical, and several are so-called zero-day bugs.

A zero-day bug is one in which the problem is not discovered by the software developer itself. This creates the risk that hackers will be able to get a head-start on finding a way to exploit the bug before the developer is able to produce a fix.

The critical issues affect both Internet Explorer and Windows itself. Of the 10 security bulletins, these are the priority for installation and deployment, particularly for business users who find it easier to install updates one at a time across a network.

PWN2OWN Issue Finally Fixed

The Internet Explorer issues (grouped as security bulletin MS10-035) affect all currently-used versions of the browser across all editions of Windows. The update fixes several bugs publicized earlier this year, most notably one by security researcher Peter Vreugdenhil who used it to win the PWN2OWN "hacking" contest.

That flaw was particularly serious as it bypassed several of the key features of Windows designed to add extra protection to limit the amount of damage a hacker could do..

Media Files May Be Poisoned

The other two critical updates, MS10-033 and MS10-035 deal with Windows. The former could be exploited by a user being tricked into opening a malicious media file or visiting a site with infected streaming content. The latter affects several pieces of software using the ActiveX programming system and the fix comes in the form of a "killbit," which is simply an instruction to Windows to avoid using the relevant software components. (Source: microsoft.com)

The most notable of the remaining updates, rated as important (the second most severe level), covers no fewer than 14 different problems with the Microsoft Office application suite. They could all be exploited by a hacker tricking a victim into opening an infected Excel file.

Given the release and the obvious hacker interest, it may be worth taking extra care to avoid opening such files from unknown sources and checking carefully to make sure those from known contacts are genuine. (Source: qualys.com)