Record Patch Tuesday combines with swathe of extra fixes for corporates.
It’s a busy week for corporate admins as
Microsoft
‘s monthly Patch Tuesday security bulletin, containing a bumper 16 separate alerts covering nearly 50 separate vulnerabilities in the company’s software range, emerged the same day as a similarly sizeable raft of fixes from
Oracle
, affecting both its long-standing database range and recently acquired
Sun Microsystems
products including the
Solaris
operating system,
Java
programming platform and
OpenOffice
productivity suite.
The
Microsoft
release, thought to be the biggest ever in terms of unique flaws covered, includes four alerts labelled ‘Critical’, including problems with the
.NET Framework
, the
Media Player
server service, the
Embedded OpenType Font Engine
, and the usual collection of fixes for the
Internet Explorer
browser. All of these will affect multiple versions of
Windows
and may expose unpatched users to remote code exploitation and system compromise. Other software needing patching includes kernel-mode drivers,
Word
,
Excel
and much more besides.
Oracle
‘s patching regime runs quarterly, with
Java
updates released three times a year, and the two overlap in October. The latest release issued on Tuesday includes a large number of fixes for the firm’s range of data management solutions as well as patches for serious, remotely exploitable vulnerabilities in
Solaris
,
Java
and
OpenOffice
/
StarOffice
. Full details of the issues with
Oracle
‘s core products are available
here
, with coverage of the
Java
problems
here
and the schedule for future patch releases
here
.
Microsoft
‘s October bulletin is
here
, with a summary from
SANS
here
and a detailed blog from
Symantec
here
. More commentary on the patch bonanza, including discussion of its relevance to the infamous Stuxnet threat, is at
The Register
here
.
As usual, anyone running vulnerable software is advised to apply all patches or workarounds as soon as possible.
Posted on 14 October 2010 by
Virus Bulletin
Leave a Reply