Slight relief for IT admins with ‘lighter’ Patch Tuesday
After the mega patch in October, this month sees fewer problems for Microsoft to fix.
Microsoft has issued six security bulletins for Patch Tuesday, fixing 15 vulnerabilities in Windows, Windows Server, Microsoft Office Excel and Word.
Security researchers said that it was a 'lighter' Patch Tuesday, especially after the mammoth patch of last month that consisted of 13 security bulletins detailing 34 vulnerabilities.
As reported last week, although Windows 7 was patched in October, this month sees the new operating system escape.
Bulletin MS09-065 was the only one that had a 'critical' severity rating as well as an Exploitability Index rating of 'one', meaning that consistent exploit code was likely.
This involved an Embedded OpenType font kernel vulnerability, which security vendor Symantec believed was the most serious of all the flaws fixed by Microsoft this month.
"Not only is proof-of-concept exploit code publicly available, but all that's required of a user to become infected by it is simply viewing a compromised web page," said Symantec's Ben Greenbaum, in a statement.
"Symantec isn't seeing any active exploits of this in the wild yet, but we think attackers will be paying a lot of attention to it in the future."
Greenbaum said that researchers originally thought it would only result in a denial of service attack, but now knew that it could allow an attacker to run code on a user's machine.
"Because it's at a kernel level, it doesn't matter what system privileges the logged-in user has at the time of exploit, the entire system is at risk," he said. "This all makes it a potentially more lucrative vulnerability to exploit."