Welcome to another addition of patch Tuesday summary blog.  Last month’s patch Tuesday involved patching a massive 67 vulnerabilities over 17 bulletins, while this month we are patching only 3 vulnerabilities over 2 bulletins.   

This month’s patch cycle we are looking at mitigation for vulnerabilities in WINS and a couple of file format vulnerabilities in Powerpoint.

Here is a list of the vulnerabilities fixed in today’s patches:

MS10-035 - Vulnerability in WINS could allow remote code execution

• CVE-2011-1248 - WINS Remote Code Execution Vulnerability

MS10-036 - Vulnerabilities in Powerpoint Could allow Remote Code Execution

• CVE-2011-1269 - Microsoft Office Powerpoint Remote Code Execution Vulnerability
• CVE-2011-1270 - Microsoft Office Powerpoint Remote Code Execution Vulnerability

As shown in the chart above, we have been seeing a small number of vulnerabilities patched followed by a large number of vulnerabilities patched in an alternating pattern.  It is extremely important to watch which links you click and which websites you visit, with the ever growing number of client side vulnerabilities it only takes one click to open your infrastructure up to outside attackers.  Vulnerabilities in client side applications are not going away, they will continue to be a weak link in security as they are very easy to find with modern-day file fuzzers.  The security issues in client side applications are often overlooked due to file complexity.  Stay vigilant! 

As we do every month, we’ve released a signature update to address the vulnerabilities fixed in today’s patches.  Happy patching!

For Additional information on how you can protect your network from emerging threats, please visit http://www.juniper.net/us/en/products-services/security/srx-series/