Microsoft Patches 21 Vulnerabilities
Microsoft's issued security updates have finally patched up all the 21 vulnerabilities that the company recently noticed in its Windows, Internet Explorer (IE), Office, .Net, Silverlight and SharePoint Server.
The company has issued nine security updates for the above patch up plus for several critical bugs that it exploited with drive-by attacks.
Out the total of 9, the company marked four of its updates as "critical," whereas some others were marked "important." Calculation of the 21 total vulnerabilities was solved by six critical, 14 important and one moderate update.
Updates used in the list included both MS12-010 (fixed four vulnerabilities in Ie) and MS12-013 (one-patch update to Windows Vista, Windows 7, Server 2008 and Server 2008 R2), which are generally the solutions for any such deployments.
Both the updates are very common thus no promptings have taken them to the top of the patch list, says Mr. Jason Miller, VMware's Manager of research and development.
"Browsers and media files are the most sought-after for attackers because the audience is the biggest user base they can hit", said Miller.
He further explained how easy it is to exploit MS12-010 with the drive-by attacks, which an attacker with the help of only an IE user of any malicious website can trigger the vulnerability. Also, he talked about MS12-008, which helps in patching critical flaws in Microsoft's C Run-Time Library (dynamic link library (dll) that works with numerous versions of Windows, and is used not only by Microsoft but third-party developers as well).
Mr. Andrew Storms, Director of security research at nCircle Security also released statements regarding the situation in which he particularly talked about the Security Research & Defense blog and how their efforts helped exploiting [the vulnerability] through Windows Media Player.