By Gregg Keizer; Jaikumar Vijayan
October 20, 2008
Microsoft Corp. and Oracle Corp. each dropped a bevy of software patches
on their users last Tuesday, with Microsoft issuing 11 updates to plug a
total of 20 security holes and Oracle releasing 36 separate fixes.
Microsoft's monthly batch of patches was designed to fix vulnerabilities
in Windows, Office, Internet Explorer and other products. The company
rated 11 of the flaws as "critical," its highest severity level, while
eight were pegged as "important" and one as "moderate."
The patch release also marked the launch of Microsoft's Exploitability
Index, which gauges the likelihood that attackers will be able to
exploit the various vulnerabilities within 30 days. Eight of the 20
flaws received the highest ranking -- meaning the development of
consistently functional exploit code for them is likely.
Microsoft announced plans to add the exploitability predictions in
August, saying that the index was designed to help users prioritize
their patching plans.
Register now for HITBSecConf2008 - Malaysia! With
a new triple-track conference featuring 4 keynote
speakers and over 35 international experts, this
is the largest network security event in Asia and
the Middle East!