July 13, 2010, 1:46PM
Pay Attention to MS10-042 Update
Comment 
Microsoft has released four new security bulletins in the July 2010 edition of patch Tuesday. These bulletins address five vulnerabilities.
It is not uncommon, and has become expected, for a light patch Tuesday to follow a heavy patch Tuesday release from Microsoft. Last month, Microsoft released a hefty load of patches with 10 security bulletins addressing 34 vulnerabilities.
The security bulletin that administrators should address first on their machines is MS10-042. This security bulletin addresses a currently exploited vulnerability in the wild affecting the Windows Help system. Earlier this month, this vulnerability and exploit code was released by a security researcher prompting Microsoft to release Security Advisory 2219475. For any zero day exploit, administrators should deploy the patch as soon as possible.
Editor's Pick
A second Security Advisory, 2028859, is being closed out with the release of Security Bulletin MS10-043. There are no current exploits being reported from Microsoft against this vulnerability although the vulnerability was publicly disclosed. The last two bulletins affect Microsoft Office programs and each can lead to remote code execution on an affected machine.
This may seem like a light patch month in the amount of effort required by administrators to protect their networks, but all administrators could have quite a work load as Windows 2000 and Windows XP SP2 have officially reached end of life support. These operating systems will no longer be supported after today's patch Tuesday. Microsoft will not be supplying new Security Bulletins for these operating systems going forward.
It is important for administrators to use this light patch month to identify these systems on their network and upgrade the machines to a supported operatingsystem or service pack level. Unlike patching, deploying new operating systems or service packs can be quite an undertaking as it requires plenty of time and effort.
* Jason Miller is data and security team manager, Shavlik Technologies.
Commenting on this Article is closed.
Today's Most Popular
- Attackers Using Fake Google Analytics Code to Redirect Users to Black Hole Exploit Kit
- Google Releases Beta of Chrome for Android
- Flash With Sandbox in the Works for Firefox
- DDoS Attacks Take on Political Motivations as Attackers Evolve
- Anonymous Leaks FBI, Scotland Yard Phone Call Detailing Hacking Investigations
Most Commented Stories
-
Mac OS X Sandbox Security Hole Uncovered (5)
-
Anonymous Leaks FBI, Scotland Yard Phone Call Detailing Hacking Investigations (5)
-
Privacy Fail: Is Uncle Sam Encouraging Bad Security? (8)
-
Flash With Sandbox in the Works for Firefox (4)
-
Apple Ships Huge Set of Patches for OS X (6)
Newsletter Sign-up
Take Our Poll
Follow Threatpost
 |  |  |  |
| Tumblr |
