Zero Day

Ryan Naraine and Dancho Danchev

Patch Tuesday heads-up: 9 bulletins, 13 Windows vulnerabilities

September 9, 2010, 12:27pm PDT

Summary: Microsoft’s September batch of security patches will include fixes for 13 documented vulnerabilities affecting Windows, Internet Information Services (IIS), and Microsoft Office.

According to the company’s advance notification for this month’s Patch Tuesday, there will be a total of 9 bulletins (four rated critical) addressing flaws in all versions of Windows, including Windows 7 and Windows Server 2008.

The Microsoft Office bulletins will cover security holes in Microsoft Office XP, Microsoft Office 2003 and Microsoft Office 2007. It is likely these will include fixes for the DLL load hijacking attack vector that affects hundreds of Windows applications.

Seven of the nine bulletins address flaws that could lead to “remote code execution” attacks, so it’s important for affected Windows users to pay close attention to this patch batch.


Disclosure

Ryan Naraine

The most important disclosure is of my employment with Kaspersky Lab as a security evangelist. Kaspersky Lab is a global company specializing in anti-malware and secure content management technologies. I do not own stocks or other investments in any technology company.

Biography

Ryan Naraine

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content management technologies.

Prior to joining Kaspersky Lab, Ryan was Editor-at-Large/Security at eWEEK, leading the magazine's and Web site's coverage of Internet and computer security issues and managing the popular SecurityWatch blog, covering the daily threats, vulnerabilities and IT security technologies. He also covered IT security, hacker attacks and secure content management topics for Jupiter Media's internetnetnews.com.

Ryan can be reached at naraine SHIFT 2 gmail.com. For daily updates on Ryan's activities, follow him on Twitter.

Talkback Most Recent of 34 Talkback(s)

  • Oh no, not more security holes to plug
    Don't tell me I still have more Windows security holes to plug, I'm sick and tired of plugging security holes in Windows.

    Damn Microsoft, you give me no peace.
    OS Reload
    9th Sep 2010
  • RE: Patch Tuesday heads-up: 9 bulletins, 13 Windows vulnerabilities
    @OS Reload
    It would be interesting to compare how much time is spent patching each OS. For home users, the time would be very close to 0 since this all happens automatically.

    For corporate users, things get more complicated because Linux patches kind of stream in on a daily basis while OS X patches tend to build and build and build and then get dumped on the user in huge mega patches. Also interesting is how easy / complicated it is to push patches out to enterprise desktops on various OSs. In enterprise settings, you usually don't want to set the desktops to patch themselves so tools for pushing patches become incredibly important.

    Or did you just want to make the point that only Windows has patches? Sorry if my non zealot post rained on your anti-MS parade. :(
    NonZealot
    9th Sep 2010
  • RE: ...that only Windows has patches?
    @NonZealot

    You do know better! Even my favorite Linux gets patches.

    OSReload's concern is that he most likely has to test these patches, and make sure that they don't break something. When you have lots of people doing nothing because their computer is borked; damagement gets all huffy about it. It is not only Microsoft that causes lots of grief; I do remember an anti-virus vendor that bricked systems recently (*cough* McAfee *cough*) [read more: http://news.idg.no/cw/art.cfm?id=21FB2532-1A64-67EA-E4C307CEA2824778]

    So, it's not just Microsoft, it is the entire Windows ecosystem that is problematic. Thank God I do not have to deal with it anymore.
    fatman65535
    9th Sep 2010
  • @fatman: So you don't test Linux patches?
    OSReload's concern is that he most likely has to test these patches

    So you don't test Linux patches? YIKES!!!! That's risky.
    NonZealot
    9th Sep 2010
  • It's not limited to Windows.
    @fatman65535: So, it's not just Microsoft, it is the entire Windows ecosystem that is problematic.

    All operating systems require patching. And testing patches prior to deployment on critical systems is a requirement for all operating systems. There's nothing unique to Windows.
    ye
    10th Sep 2010
  • RE: Patch Tuesday heads-up: 9 bulletins, 13 Windows vulnerabilities
    @OS Reload
    I agree. It is extremely inconvenient that every time they do one of these "critical" updates my computer has to be cycled off then back on again and I have to reload the running applications (If it weren't for certain buggy Microsoft products--like Microsoft Office Live--I wouldn't have to restart my computer periodically). For a company that likes to brag about its "stability" numbers, being forced to restart my computer every month puts the lie to that stability.
    tkepner
    9th Sep 2010
  • RE: Patch Tuesday heads-up: 9 bulletins, 13 Windows vulnerabilities
    @tkepner

    Uh, what? Office 14 is not 'buggy' in the slightest, and I've NEVER had my machine have to be restarted because of that.
    Lerianis10
    9th Sep 2010
  • RE: Patch Tuesday heads-up: 9 bulletins, 13 Windows vulnerabilities
    @tkepner
    You have to restart it every month? Dang. I usually cut mine off at night to save energy.
    Au1
    10th Sep 2010
  • RE: Patch Tuesday heads-up: 9 bulletins, 13 Windows vulnerabilities
    @tkepner L : I used to have to restart win3.1, WFWG and win95 fairly often. It was annoying, but it was a new wave and to some degree expected and only annoying. Win 98 seldom ever had to be restarted by the end of its life. Win XP which I'm still using almost never has to be restarted and if either does need a restart, it's not due to windows OS; it's due to other applications or even cockpit errors. Vista sucked so badly it never got the chance to be itemized on my machines; it went in and came right off. Since win7 is a rewritten Vista basically, I've never even bothered with it - even if it was a good rewrite, those two offer me nothing, absolutely nothing, that XP can't do.
    The "trick" is in keeping a machine running well and paying attention to it. At this point, you just plain do not have to restart 98 and XP Pro SP3. Having to do restarts is indicative of other problems in the machines.
    twaynesdomain
    10th Sep 2010
  • RE: Patch Tuesday heads-up: 9 bulletins, 13 Windows vulnerabilities
    @tkepner : Come on, "cycling" your computer is a real poor excuse for anything negative. Have it all happen when you aren't at the computer.
    Since win98, the major problems and reasons for restarts are more from poorly written apps than anything else, not from windows. If you can't tell a good vendor from a bad one, reliability and stability wise, then you have bigger problems.
    My machine is set to turn itself ON about an hour before I'll need it in the AM, and turns itself OFF after a certain hour every night. It shuts off late enough that the nightly drive images are scheduled to be done after the workday ends and before the Shut Down (actually, Hibernate) every night.
    It seems your time would be better spent opening up your mind and researching/repairing the problems you have than to simply complain about them. Live isn't the reason for some of your problems as you indicate either; I know of several machines where it causes zero, nada problems and no machines where it does cause a problem. It's all a matter of what would best be defined as preventive maintenance to keep things well oiled as opposed to bitching about them.

    You're not alone in the allegations I've made here and I'm not specifically picking on you yourself.
    twaynesdomain
    10th Sep 2010
  • What would you have them do?
    @OS Reload
    There are a couple of options:
    1. Do a patch every Tuesday so that MS gets ample time to test the patches on the umpteen numbers of hardware and software combinations that they have to support
    2. Give a patch every day, don't test it but claim that you are quick and can innovate rapidly
    3. Patch every 6 months, similar to Apple where they let it pile on and unload as a mega patch
    4. Not release any patch for 2 years but instead focus on rewriting the OS to never have any security vulnerabilities ever. I don't think mighty Linux has been able to achieve that either
    5. Get out of the OS business altogether, just proclaim this Tuesday's patch is the last one ever

    Given these options, I think number 1 looks like the best so far
    DontBeEvil
    9th Sep 2010
  • RE: Patch Tuesday heads-up: 9 bulletins, 13 Windows vulnerabilities
    @DontBeEvil Thanks for sharing. I really appreciate it that you shared with us such an informative post.
    silvermessenger
    23rd Aug
