Patch Tuesday: MS plugs critical IE, Windows Media Player holes
Microsoft today released its largest ever batch of Patch Tuesday updates to fix a whopping 34 security holes in a wide range of widely deployed software products.
The latest patch batch covers critical vulnerabilities in software products that are bundled with Microsoft’s dominant Windows operating system (Internet Explorer and Windows Media Player) — and several known security problems (SMB v2 and FTP in IIS) for which functioning exploit code has already been publicly released.
The SMB v2 issue, which has been in the news over the last month
, has been addressed with MS09-050
, a critical bulletin that actually address three separate documented vulnerabilities.
The most severe of the vulnerabilities could allow remote code execution if an attacker sent a specially crafted SMB packet to a computer running the Server service. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate from outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed.
[ SEE: Microsoft FTP in IIS vulnerability now under attack