Microsoft's Patch Tuesday monthly security update for September includes protection against the Stuxnet worm which...
targeted critical infrastructure software.
Bulletin MS10-061 fixes a flaw used by the Stuxnet worm as a secondary propagation method, reducing its ability to spread.
In co-operation with Kaspersky and Symantec, Microsoft analysed samples of the Stuxnet malware and found that in addition to using the zero-day LNK vulnerability, addressed in August by MS10-046, it is using a second, unknown vulnerability in the Windows print spooler to spread itself to other machines in the network, said Wolfgang Kandek, chief technology officer at security firm Qualys.
Microsoft recommends that MS10-061 and MS10-062, which addresses an MPEG-4 codec vulnerability, be deployed first.
Bulletin MS10-063 fixes a critical flaw in the OpenType libraries that could allow an attacker to subvert a user's machine if the user views a malicious e-mail or Web page, said Kandek.
"The vulnerability does not require any further user interaction and so is a candidate for use in drive-by-download attacks, where malware is downloaded with the user's consent or knowledge," he wrote in a blog post.
"While it is ranked as harder to exploit, we believe that attackers will focus on the vulnerability given the potential payback of more targets," Kandek said.
The three are among a total of nine security bulletins addressing 11 vulnerabilities in Microsoft's Windows, Internet Information Services (IIS), and Office software.
Four of the bulletins are designated "critical," and five of them are designated "important."
Microsoft has also released two security advisories.
Security Advisory 2401593, describes a privilege elevation risk and affects Exchange customers using Outlook Web Access. Security Advisory 973811, updates information about enabling Outlook Express and Windows Mail to use a new feature, Extended Protection for Authentication.