IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Microsoft releases last patches of the decade

Microsoft fixes an exploitable Internet Explorer vulnerability.

red cross

Microsoft has released its last patches of 2009, with a fix securing Internet Explorer top of the list.

The Internet Explorer bulletin (MS09-072) was the only patch this month that carried a critical' severity rating with a maximum exploitability rating.

This was due to the exploit code for the Internet Explorer 6 and 7 flaw being available publicly, although it wasn't reliable.

Symantec senior research manager Ben Greenbaum said it had been a race between attackers to improve the reliability of the exploit and Microsoft to either get a patch out.

So far, the company hadn't seen the exploit improve its consistency or any evidence of successful attacks in the wild.

Matthew Walker, regional director for UK and Ireland at Lumension, said in a statement that MS09-072 potentially had the biggest impact.

He said the patch affected all IT environments running Internet Explorer 6,7 and 8, and specifically impacted Windows 7, Vista and XP, which all required a restart.

"This, combined with updates issued by Apple for Java for OSX and Adobe for Flash Player and AIR, make this month particularly important for IT departments to shore-up patches and protect against web-borne malware threats."

There were two critical vulnerabilities affecting Windows, with one bulletin affecting Windows Server 2008 and also requiring a restart.

Walker said: "Although Microsoft's exploitability scale for this bulletin is less severe, as Windows Server 2008 is most commonly deployed in support of mission critical applications, this update has the potential to be severely disruptive to business operations."

In total, there were six security bulletins addressing 12 vulnerabilities.

Adobe also released critical security updates for Flash Player and AIR, that came very soon after a zero-day flaw was discovered on Illustrator CS3 and CS4.

"Though both of Adobe's updates are critical, the Flash Player update should be applied immediately by all users," said Greenbaum. "Flash is used so commonly that it should definitely be a high priority."

Featured Resources

The state of Salesforce: Future of business

Three articles that look forward into the changing state of Salesforce and the future of business

Free Download

The mighty struggle to migrate SAP to the cloud may be over

A simplified and unified approach to delivering Enterprise Transformation in the cloud

Free Download

The business value of the transformative mainframe

Modernising on the mainframe

Free Download

The Total Economic Impact™ Of IBM FlashSystem

Cost savings and business benefits enabled by FlashSystem

Free Download

Recommended

Adobe forced to patch its own failed security update
bugs

Adobe forced to patch its own failed security update

18 Feb 2022
Adobe rolls out new PayPal payment options through Adobe Commerce
e commerce

Adobe rolls out new PayPal payment options through Adobe Commerce

16 Sep 2021
Signs it’s time to upgrade your CMS
Whitepaper

Signs it’s time to upgrade your CMS

23 Aug 2021
Engaging the new digital workforce blueprint
Whitepaper

Engaging the new digital workforce blueprint

23 Aug 2021

Most Popular

Cyber attack on software supplier causes "major outage" across the NHS
cyber attacks

Cyber attack on software supplier causes "major outage" across the NHS

8 Aug 2022
Why convenience is the biggest threat to your security
Sponsored

Why convenience is the biggest threat to your security

8 Aug 2022
How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

29 Jul 2022