Here is some more news from Softpedia:
Microsoft to Plug 11 Security Holes in Windows, IIS and Office on September 14 - Softpedia
More -
According to the Microsoft Security Response Center, Microsoft will issue nine Security Bulletins addressing 13 vulnerabilities on Tuesday, September 14. It will also host a webcast to address customer questions the following day.
Four of the vulnerabilities are rated "Critical" and the other five are marked "Important." All of the Critical vulnerabilities earned their rating through a remote code execution impact, meaning a hacker could potentially gain control of an infected machine. At least four of the nine patches will require a restart.
The list of affected operating systems includes Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. Microsoft Office XP, Office 2003, and Office 2007 are also being patched.
Microsoft Patch Tuesday for September 2010: nine bulletins
But still no permanent fix for the recently announced "DLL preloading attacks". Although there are some workarounds.
Microsoft Security Advisory (2269637): Insecure Library Loading Could Allow Remote Code Execution
Are you looking for this?
A new CWDIllegalInDllSearch registry entry is available to control the DLL search path algorithm
No, that's the workaround Microsoft came up with. From that article, "The fix it solution described in this section is not intended to be a replacement for any security update. We recommend that you always install the latest security updates. However, we offer this fix it solution as a workaround option for customers to protect their systems while a security update is not available or cannot be installed."
As far as I know, the fix it option is supposed to be a workable solution. Unfortunately, MS had some other fix it solutions over the years for other issues relating to XP, IE7, et al. that caused considerable grief. Basically, those other fix its also altered the registry. Then when MS came out with their permanent security update, it conflicted with the fix it solution. MS had to scramble to create an "undo" option for the fix it so the permanent security update could be safely installed. I got caught up in one of the IE 7 fix it solutions. Even the "undo" didn't work the way it was supposed to. Hopefully MS has learned from their past mistakes and this fix it will seamlessly work with an eventual permanent security update.
Waiting for Microsoft Security Updates (KXXXXXXX) has always worked better for me. I try not to use patches. As has been stated, sometimes they can argue with each other.