Patch madness

June 11, 2009:Symantec points out that Microsoft issued 10 security bulletins and two security advisories this month, making a total of 31 vulnerabilities which is a new monthly patch record.

“Of the patches issued this month, the most significant appear to be several that affect Internet Explorer, as the Web continues to be a preferred method of exploit by cybercriminals,” said Ben Greenbaum, senior research manager, Symantec Security Response.

“The four Internet Explorer fixes that address HTML object memory corruption vulnerabilities—the first ever patch for Internet Explorer 8 being among these—are of particular interest. These weaknesses actually appear to be quite simple to exploit and we have observed malicious code being offered in malware toolkits that have taken advantage of very similar vulnerabilities.”

“It should also be noted that exploits for the vulnerability Microsoft addressed this month in Internet Information Services have previously been made publicly available.” Greenbaum added.

A video of Symantec Security Response’s John Harrison discussing the vulnerabilities addressed this month can be viewed HERE.