Microsoft’s Patch Tuesday plugs 34 security holes

14 Oct 2009

Yesterday, Microsoft released its biggest-ever Patch Tuesday with 13 bulletins covering 34 security flaws.

Six of these bulletins released by Microsoft were also for Windows 7 users while the remaining covered Microsoft Office, SQL Server, .NET, Internet Explorer and Silverlight.

Two of the six updates that affected Windows 7 were listed as critical, but security update MS09-061also affects editions of the Microsoft .NET Framework on Microsoft Windows 2000, Windows XP, Windows Vista and Windows 7; Microsoft Silverlight 2 when installed on Mac; and Microsoft Silverlight 2 when installed on all releases of Microsoft Windows clients.

The second critical update that affects Windows 7 is one where the vulnerabilities could allow for remote code execution if the user views a “specially crafted” web page using Internet Explorer – in other words, a phishing attack that relies upon a weakness in Internet Explorer code.

Another critical security update involved Windows Media player and patches a vulnerability that “could allow remote code execution if a specially crafted ASF file is played using Windows Media Player 6.4”.

An attacker who was able to exploit this vulnerability could effectively gain the same user rights as the owner. Those who use administrative rights on Windows were more vulnerable to this exploit.

All Microsoft downloads, including security updates, can be found here.

By Marie Boran, via