This month Microsoft issued 11 bulletins that address a record 26 vulnerabilities, 17 of them rated as critical. The 26 vulnerabilities are the most Microsoft has addressed since it had 25 in August 2006, which additionally had 17 rated as critical.

The patch for the vulnerability in the Snapshot Viewer for Microsoft Access ActiveX control is vital considering shortly after the issue became public on July 7 there was evidence of it actively being exploited, according to Ben Greenbaum, senior research manager for Symantec defense response.

“Since thereupon, attackers have fine-tuned their exploits, resulting in even more widespread attacks,” Greenbaum said. “The Snapshot Viewer issue impacts any Net Explorer 7 users that have the ActiveX control installed and any Web Explorer 6 users regardless whether they have the control installed or not. The nature of the control allows the attacker to install [malicious code] and exploit the vulnerability without any user interaction.”

An Early End

Summer vacation may be by a little early for network safety measure professionals. All seven critical patches are identified as fixing “remote cipher execution” vulnerabilities that can in many cases give criminals control of a computer and access to its resources.

To prepare things even busier, IT teams need to ensure that they have addressed two recent and crucial Microsoft defense Advisories, said Don Leatham, director of solutions and strategy at Lumension protection. Those advisories are MS-954960 and MS-956187.

“Once exploit cipher for the DNS vulnerability announced in July became available, Microsoft took the strange step to issue that protection advisory that encouraged customers to update their DNS servers ASAP, even though the original bulletin rating was an crucial and not as Critical,” Leatham said. “Given the publicly available exploit cipher and the possible compromise of critical DNS services, IT teams that have not deployed that…

Original post by dhiram