14 DAY TRIAL // Counting the vulnerabilities impacting Internet Explorer 8 (IE8), customers running Windows 7 need to deploy patches for no less than 15 Critical security holes in the operating system, even if they have already upgraded to Service Pack 1 (SP1) RTM. Microsoft released a record number of security bulletins on April 12, 2011, resolving no less than 64 vulnerabilities across a range of products.
According to the software giant, users of Windows, Office, IE, Visual Studio, SMB, .NET Framework and GDI+ will all need to deploy the security updates made available earlier this week.
Pete Voss, senior response communications manager, Trustworthy Computing, Microsoft emphasized that 30 vulnerabilities are fixed by a single bulletin MS11-034, carrying a rating of Important.
Voss notes that three bulletins are considered priorities in terms of deployments, the patch package for IE, and also MS11-019 and MS11-020.
He even provided details about the security bulletins that customers around the world should make sure to deploy as soon as possible:
“MS11-019 (SMB Client). This bulletin resolves one publicly disclosed vulnerability and one privately reported vulnerability in Microsoft Windows. The vulnerabilities could allow remote code executions if an attacker sent a specially crafted SMB response to a client-initiated SMB request.
The publicly disclosed vulnerability was posted to full disclosure on February 15. Microsoft investigated the issue and found that remote-code execution was extremely unlikely. As Microsoft has not seen any active attacks, we opted not to disrupt customers with an out-of-band bulletin.
MS11-020 (SMB Server). This bulletin resolves an internally discovered vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker created a specially crafted SMB packet and sent the packet to an affected system.”
As far as Windows 7 SP1 is concerned, the Redmond company released eight Critical security bulletins and another three deemed Important.
Users of the latest iteration of the software giant’s productivity suite, Office 2010, will also need to install three security updates, all rated Important.
