Last updated at Tue, 16 Jan 2024 16:38:44 GMT
Microsoft's patch this month, which consists of 14 bulletins that address 34 vulnerabilities, is the largest since October 2009. With the massive amount of work that lies ahead, it may help to prioritize your work.
Josh Abraham, Rapid7 Security Researcher, recommends that you pay particular attention to MS10-054. This vulnerability in the SMB protocol “is potentially the most dangerous vulnerability as it allows unauthenticated attackers to execute arbitrary code on remote machines.” Abraham notes further that, “if MS10-054 is weaponized, it would primarily be useful against XP SP3, since the other versions of Windows were not rated as critical for this bulletin. This means that an attacker would be able to exploit workstations on an internal network in the most common situation.”
Here is the breakdown of the bulletins that have a high potential for exploits:
046 - Critical - Exploit in the wild
Vulnerability in Windows Shell Could Allow Remote Code Execution (2286198)
047 - Important
Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (981852)
048 - Important
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2160329)
050 - Important
Vulnerability in Windows Movie Maker Could Allow Remote Code Execution (981997)
052 - Critical
Vulnerability in Microsoft MPEG Layer-3 Codecs Could Allow Remote Code Execution (2115168)
053 - Critical
Cumulative Security Update for Internet Explorer (2183461)
055 - Critical
Vulnerability in Cinepak Codec Could Allow Remote Code Execution (982665)
056 - Critical
Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (2269638)
057 - Important
Vulnerability in Microsoft Office Excel Could Allow Remote Code Execution (2269707)
058 - Important
Vulnerabilities in TCP/IP Could Allow Elevation of Privilege (978886)
059 - Important
Vulnerabilities in the Tracing Feature for Services Could Allow Elevation of Privilege (982799)
060 - Critical
Vulnerabilities in the Microsoft .NET Common Language Runtime and in Microsoft Silverlight Could Allow Remote Code Execution (2265906)
NeXpose Community Edition, the free version of NeXpose, has coverage within 24 hours of the release. NeXpose Community Edition will enable you to detect these and every other Microsoft vulnerability and, if you wish, launch Metasploit Security Testing to confirm the presence and exploitability of the exposure(s) with publicly available exploits on up to 32 hosts in your environment. For small environments with 32 nodes or fewer, you can use NeXpose to provide free detection within 24 hours of Microsoft's update release.
For larger environments, we invite you to download NeXpose Enterprise.