Microsoft Issues Four Security Bulletins
July's 'Patch Tuesday' brings a relatively light load of fixes.
Microsoft on Tuesday released four Security Bulletins to address five vulnerabilities in its Office and Windows software.
Three of the bulletins are designated "critical" and one is designated "important."
MS10-042 addresses a "critical" vulnerability in the Windows Help and Support Center feature in Windows XP and Windows Server 2003. Acknowledged in a Security Advisory in June, this vulnerability is publicly known and actively being exploited.
MS10-045 fixes an "important" vulnerability in Microsoft Outlook that affects Outlook 2002, Office Outlook 2003 and Office Outlook 2007. MS10-045 was privately reported.
Joshua Talbot, security intelligence manager for Symantec Security Response, said in an e-mailed statement that only the Windows Help and Support Center vulnerability is being actively exploited.
"In just the few weeks since the Help and Support Center issue came to light, three public exploits have surfaced, all using different attack mechanisms," he said. "We saw attack activity begin increasing on June 21, but it's since leveled out."
He notes that while the Outlook SMB attachment vulnerability is not rated "critical," it's nonetheless likely to be exploited.
Characterizing the July patches as mundane, Oliver Lavery, director of security research and development for nCircle, says the Outlook patch is the most interesting of the lot. Enterprises, he said in an e-mailed statement, should pay attention to this vulnerability, which could be exploited to bypass Outlook's warning about potentially malicious attachments.
"This is significant because Operation Aurora and other high profile e-mail based attacks over the last year have proven to be highly successful," he said.
Microsoft also offered a reminder that support for Windows XP Service Pack 2 ends today. Extended support for Windows 2000 has also come to an end.
Josh Abraham, security researcher at Rapid7, urged enterprises in an e-mailed statement to make sure that they have migrated to at least Windows XP SP3.