Microsoft, during their latest Patch Tuesday, has plugged 34 security holes while updating 14 security bulletins.
Four of the most critical bulletins were rated “highest priority” for enterprises.
14 bulletins is the highest amount of security bulletins ever released by the software giant during a Patch Tuesday, and a full eight were rated critical.
The four aforementioned “highest priority” bulletins are (via EW): MS10-052, which resolves a vulnerability in Microsoft’s MPEG Layer-3 audio codecs; MS10-055, which addresses a vulnerability in the Cinepak Codec used by Windows Media Player to support the AVI audiovisual format; MS10-056, which deals with four vulnerabilities in Microsoft Office; and MS10-060, which resolves two vulnerabilities in Microsoft .NET Framework and Microsoft Silverlight.
Joshua Talbot, a security intelligence manager of Symantec Security Response pinpointed one of the none critical bulletins as being potentially very dangerous as well. That bulletin is MS10-054: “The SMB [protocol] pool overflow vulnerability [covered in MS10-054] should be a real concern for enterprises. Not only does it give an attacker system-level access to a compromised SMB server, but the vulnerability occurs before authentication is required from computers contacting the server. This means any system allowing remote access and not protected by a firewall is at risk.
“Best practices dictate that file or print sharing services, such as SMB servers, should not be open to the Internet. But such services are often unprotected from neighboring systems on local networks. So, a cyber-criminal could use a multistaged attack to exploit this vulnerability … [and] this issue affects more than just file servers using the SMB service. Workstations that have enabled file and print sharing are also at risk.”
[More]>>
Result for: resolves
Last week we reported that the AP had begun confronting a blogger over copyright issues, but it appears that both sides have come to a resolution in the dispute.
The AP had demanded that the site, the Drudge Retort, remove some of the new agency’s content. In a statement, Rogers Cadenhead, owner of the site, said he is “glad” that the dispute is over but said he still believes the larger conflict over the use of AP content still remains.
An AP statement added that both sides considered the matter closed and that the agency was “having a constructive exchange with a number of interested parties in the blogging community” about the current relationship between bloggers and news providers.
The agency also added it was working on developing guidelines for it considered permissible use of content by bloggers.
“I think it would be helpful for bloggers and users of social news sites to know what the AP believes to be fair use of their copyrighted work,” said Cadenhead’s lawyer, Wade Duchene. “I hope that any guidelines that are issued are not interpreted as an agreed definition of fair use under copyright law”, he added.
