Today was the final Microsoft Patch Tuesday of 2010. Unfortunately, any one working in patch operations hoping to slide easily through the end of the year is out of luck. Today Microsoft exceeded another record by releasing 17 new patches (previous record: 14, set in October) addressing 40 vulnerabilities.
I'll follow up in a few days with some year-end statistics and thoughts, but to get a little feeling for the kind of year it's been, note that Microsoft has released 106 security bulletins this year (so far...), compared to 74 in 2009 and 78 in 2008...a 40% increase over previous years!
Included this month are patches for a few vulns that have been disclosed publically and exploited in the past. MS10-090 addresses last month's 0-day vuln in Internet Explorer, which had seen some limited exploits in the wild. MS10-091 resolves a small pile of issues with the OpenType Font driver, none of which have been exploited as far as anyone knows. Finally, MS10-092 closes out the last known vulnerability that was exploited by the notorious Stuxnet worm.
McAfee’s products provide good coverage for this month’s vulnerabilities:
• McAfee VirusScan's buffer overflow protection is expected to provide proactive protection against exploits of 15 new vulnerabilities this month. • McAfee's Host Intrusion Prevention is expected to provide proactive protection against exploits of 20 new vulnerabilities this month. • McAfee's Application Control is expected to provide proactive protection for 20 new vulnerabilities. • McAfee's Network Security Platform will very shortly have content to protect against exploits of 27 new vulnerabilities. • McAfee Vulnerability Manager and Policy Auditor will very shortly have content to assess whether your systems are exposed to any of these new vulnerabilities.
Note that McAfee Application Control, Host Intrusion Prevention, and VirusScan each provide proactive protection for the 0-day vulns included in MS10-091 and -091. For full details, review the Threat Advisory. If you have an iPhone, iPod, or iPad, you might also like to take a look at our McAfee Global Threat Intelligence App for Mobile