Usually I do not talk much about Patch Tuesday from Microsoft, but this time round, it totals to about 30 or so updates on most system with Windows and Office. I think that is would the mention. Not only that, there are 6 rated CRITICAL and many which does not have full details on what and how it is exploited as Microsoft got the vulnerability in private. Doesn't that worry you? It should. For all you know some of these vulnerabilities had already been used in the wild, so I suggest you roll in these patches as soon as possible. (How about NOW??)
So, what are fixed in this round? Here is a summary of it:
- Kernel driver bug due to TTF (yes, I know your WTF look, why would a TTF font be injected into kernel...?) This allow escalation and there is full source code available.
- Several .Net Framework and Silver patches
- Vulnerability in GDI+. Seriously, I think they will never get this fix since it comes back every time.
- IE. For once, IE 10 is badly hit. Usually most vulnerability would not affect IE 10 (on Win8 especially). Well, this is really the patch you need to install ASAP since IE will be your first point of contact.
- Directshow with GIF files. Makes you think how a simple file format thing like PDF, PNG (oh yes, last month we just had one), DOCX or sort. It does seems to have a trend of attacking file formats nowadays.
- Windows Media Format. WMF. There we have it, just to prove my previous point.
- Windows Defender. It's a path transversal. Well, even the big giants has faults sometimes. But the scary part is Microsoft does patch it... Do you see other AV vendors patching their main program much (I know you get updates, but those are AV signatures, they are different things)?
And other patches involving SD card removal, new camera models, language pack and fonts.
So, you can see its going to be a busy busy week. And whoever is using those exploits will probably be sweating or trying their last strike to make good use of it before you patch your computer.
No comments:
Post a Comment