[ISN] Microsoft, Oracle get busy plugging security holes

From: InfoSec News <alerts_at_private>
Date: Wed, 22 Oct 2008 05:02:36 -0500 (CDT)

By Gregg Keizer; Jaikumar Vijayan
October 20, 2008 

Microsoft Corp. and Oracle Corp. each dropped a bevy of software patches 
on their users last Tuesday, with Microsoft issuing 11 updates to plug a 
total of 20 security holes and Oracle releasing 36 separate fixes.

Microsoft's monthly batch of patches was designed to fix vulnerabilities 
in Windows, Office, Internet Explorer and other products. The company 
rated 11 of the flaws as "critical," its highest severity level, while 
eight were pegged as "important" and one as "moderate."

The patch release also marked the launch of Microsoft's Exploitability 
Index, which gauges the likelihood that attackers will be able to 
exploit the various vulnerabilities within 30 days. Eight of the 20 
flaws received the highest ranking -- meaning the development of 
consistently functional exploit code for them is likely.

Microsoft announced plans to add the exploitability predictions in 
August, saying that the index was designed to help users prioritize 
their patching plans.


Register now for HITBSecConf2008 - Malaysia! With 
a new triple-track conference featuring 4 keynote 
speakers and over 35 international experts, this 
is the largest network security event in Asia and 
the Middle East! 
Received on Wed Oct 22 2008 - 03:02:36 PDT

This archive was generated by hypermail 2.2.0 : Wed Oct 22 2008 - 03:12:44 PDT