Risk
10/7/2010
10:42 PM
George V. Hulme
George V. Hulme
Commentary
50%
50%

Record Microsoft Patch Tuesday Ahead

Administrators, get your rest this weekend. According to Microsoft's advanced warning, next Tuesday is going to be a record-setter when it comes to software vulnerability updates.

Administrators, get your rest this weekend. According to Microsoft's advanced warning, next Tuesday is going to be a record-setter when it comes to software vulnerability updates.According to the software maker, there will be a total of 49 vulnerabilities covered in 16 separate security bulletins next week. Microsoft ranked 4 of those bulletins as "critical" (its most severe rating), 10 as important, and 2 as moderate.

The flaws will affect versions of Windows, Internet Explorer, Office, and .NET Framework. Groove Server and Microsoft SharePoint will also be updated.

Nine of the bulletins address flaws that could be remotely exploited by attackers.

There is reasoning behind the madness of such a large vulnerability dump. Many companies, such as those involved in retail, eCommerce, and financial services, lock down their infrastructures as the holiday shopping season swings into full steam and the year itself winds down.

While it's not much solace now, it does mean November and December shouldn't be so patch abundant.

For more information, visit Microsoft's advanced notification site.

As always, Microsoft will host a webcast for anyone who has questions, the Wednesday immediately following Patch Tuesday.

For my security and technology observations throughout the day, consider following me on Twitter.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-3308
Published: 2015-09-02
Double free vulnerability in lib/x509/x509_ext.c in GnuTLS before 3.3.14 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted CRL distribution point.

CVE-2015-4330
Published: 2015-09-02
A local file script in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows local users to gain privileges for OS command execution via invalid parameters, aka Bug ID CSCuv10556.

CVE-2015-6274
Published: 2015-09-02
The IPv4 implementation on Cisco ASR 1000 devices with software 15.5(3)S allows remote attackers to cause a denial of service (ESP QFP CPU consumption) by triggering packet fragmentation and reassembly, aka Bug ID CSCuv71273.

CVE-2015-6277
Published: 2015-09-02
The ARP implementation in Cisco NX-OS on Nexus 1000V devices for VMware vSphere 5.2(1)SV3(1.4), Nexus 3000 devices 7.3(0)ZD(0.47), Nexus 4000 devices 4.1(2)E1, Nexus 9000 devices 7.3(0)ZD(0.61), and MDS 9000 devices 7.0(0)HSK(0.353) and SAN-OS NX-OS on MDS 9000 devices 7.0(0)HSK(0.353) allows remote...

CVE-2015-6587
Published: 2015-09-02
The vlserver in OpenAFS before 1.6.13 allows remote authenticated users to cause a denial of service (out-of-bounds read and crash) via a crafted regular expression in a VL_ListAttributesN2 RPC.

Dark Reading Radio
Archived Dark Reading Radio
Another Black Hat is in the books and Dark Reading was there. Join the editors as they share their top stories, biggest lessons, and best conversations from the premier security conference.