Windows Enterprise Desktop

Dec 14 2010   3:03PM GMT

Big Batch of Security Updates for Final Patch Tuesday of 2010

Ed Tittel Ed Tittel Profile: Ed Tittel

Holy Moly! I just took a quick look at the Microsoft Security Bulletin Advance Notification for December 2010 (this is a temporary placeholder for the actual security bulletin, which will be released at the same time Microsoft posts its updates to the Windows Update Service, so the final bulletin may be in place by the time you read this). There are 17 security updates in the queue for this month, which is certainly the highest number I’ve seen. In fact, according to Mark Reavey of the Microsoft Security Response Center (MSRC) this is the highest number of updates ever released on a Patch Tuesday. See his MSRC blog “December 2010 Advance Notification Service is released” (12/9/2010) for some interesting information about total bulletin counts, vulnerabiliites covered, and information security trends.

Among the most interesting tidbits from this blog is the declaration that Microsoft “…will be closing the last Stuxnet-related issues this month. This is a local Elevation of Privilege vulnerability and we’ve seen no evidence of its use in active exploits aside from the Stuxnet malware.” Likewise, an older (reported in November 2010 in MS Security Advisory 2458511) Remote Code Execution vulnerability in Internet Explorer that affects versions 6, 7, and 8 will also be addressed in the December security updates. Finally, Reavey also points to an interesting article from Microsoft Security Research & Defense entitled “On the effectiveness of DEP and ASLR” (DEP is Data Execution Prevention, and ASLR is Address Space Layout Randomization, two techniques Microsoft uses to good effect to limit the impact of exploit attempts, especially those that seek to leverage buffer overflow weaknesses).

It will be interesting to read more details about this month’s security updates when Microsoft posts them to its update servers at about 11 AM Pacific time today (-08:00 UCT). I’ll post further on what’s in the mix in a follow-up blog tomorrow.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: