Four critical updates this Patch Tuesday

Posted by   Virus Bulletin on   Oct 14, 2008

11 updates to be issued by Microsoft in October's monthly patch release: 4 critical.

Microsoft has prepared a total of 11 updates for the October round of its monthly patch release cycle, with four updates being rated 'critical'.

The four critical updates cover vulnerabilities in Active Directory, Internet Explorer, Microsoft HIS (Host Integration Server) and Excel. All the vulnerabilities could be exploited to execute arbitrary code from a remote source, hence their being given the highest rating.

In addition to the four critical updates, six more are rated 'important', while just one is assigned the lower rating of 'moderate'.

As always, users are advised to ensure they install updates as soon as possible to optimise security. More details on the release are in the advance notification, here.

Users are also warned to be wary of fake emails that have been circulating recently, which are designed to fool the recipient into believing they are from Microsoft and contain urgent updates, but which actually contain malicious code. While not crafted with a great deal of skill - for example including grammatical errors and referring to several versions of Windows which are no longer supported - their timing (to more or less coincide with the Patch Tuesday cycle) may be enough to fool unwary users. Microsoft, of course, never sends its updates as attachments to emails, and users are advised to receive updates through the Microsoft Update and Windows Software Update Services components or download directly from the Microsoft site.

Posted on 14 October 2008 by Virus Bulletin

twitter.png
fb.png
linkedin.png
googleplus.png
reddit.png

 

Latest posts:

NCSC gives important advice on lateral movement

The UK's National Cyber Security Centre (NCSC) has provided helpful and practical advice on preventing and detecting lateral movement by an attacker within a network.

What kind of people attend Virus Bulletin conferences?

If you are considering submitting a proposal for a talk to VB2018 and you're not familiar with the event, you may find it useful to know what kind of people attend the conference.

Olympic Games target of malware, again

An unattributed malware attack has disrupted some computer systems of the 2018 Winter Olympics. In 1994, a computer virus also targeted the Winter Olympics.

There are lessons to be learned from government websites serving cryptocurrency miners

Thousands of websites, including many sites of government organisations in the UK, the US and Sweden, were recently found to have been serving a cryptocurrency miner. More interesting than the incident itself, though, are the lessons that can be…

We need to continue the debate on the ethics and perils of publishing security research

An article by security researcher Collin Anderson reopens the debate on whether publishing threat analyses is always in the public interest.