
Microsoft Delivers Big Dollop Of Security Patches

Software giant Microsoft has dished out a total of eleven patches for 25 Windows, Office and Exchange vulnerabilities, nine of which were rated 'Critical' by the Redmond-based company.

However, security experts were quick to point out that two 'Critical' rated patches, which address flaws in Windows Media Player and a popular video file format, need to be installed as a priority because they can be exploited by drive-by attacks with a risk of spreading all over the internet.

According to security researchers at various firms, the two Windows Media flaws, identified as 'MS10-026' and 'MS10-027', are related to the DirectShow video codec and Windows Media Player respectively.

Researchers at the nCircle security firm warned that the two vulnerabilities can be exploited in a movie-to-malware attack, in which users think they are watching a video but their PCs are instead being infected by malware.

Expressing his views on the matter, Jason Miller, data and security manager with Shavlik, said in a statement: “The Internet is a giant media hub now. These are very good targets, because first of all, lots of people aren't going to upgrade [Windows Media Player] and second, most people watch video when they're online.”

Our Comments

Meanwhile, researchers also warned that, according to the information provided by Microsoft, the two vulnerabilities in question have been exploited in the past, and they give it a week before they see the bugs being exploited in the wild.
