Early this morning, Microsoft released 13 security patches fixing 34 security defects in its products, including the Windows 7 operating system, which has not yet been officially released. The 13 patches also set a new record for the number of patches Microsoft has released on a single day.
Microsoft said the patches released today affect products such as Windows, IE, Silverlight, and Office. Six of the 13 patches are rated "urgent", and users should install them immediately.
Microsoft may be embarrassed that security defects have been found in Windows 7 before its official release. Microsoft has always hoped that Windows 7 would leave a bad impression on users. A Microsoft spokesman did not confirm whether the company has detected more Windows 7 security defects. Microsoft usually does not disclose security defects before patches are released.
Dave Marcus, a senior researcher at McAfee, said the security defects in Windows 7 are rather serious, but not surprising. "As long as the code is compiled by humans, there will be defects."
Microsoft Security Bulletin Summary (October 2009):
1. Announcement No.: MS09-050
Knowledge Base No.: KB975517
Announcement Summary: Fixes one publicly disclosed vulnerability and two privately reported vulnerabilities in Server Message Block Version 2 (SMBv2). If an attacker sends a specially crafted SMB packet to a computer running the server, the most serious of these vulnerabilities may allow remote code execution.
Highest security level: serious
Impact scope: Windows Vista SP2/Server 2008 SP2 (unless otherwise specified, both the 32-bit and 64-bit versions of each listed system are included)
2. Announcement No.: MS09-051
Knowledge Base No.: KB975682
Announcement Summary: Fixes two privately reported vulnerabilities in Windows Media Runtime. These vulnerabilities may allow remote code execution if a user opens a specially crafted media file or receives specially crafted streaming content from a website or any application that provides Web content.
Highest security level: serious
Impact scope: from Windows 2000 SP4 to Windows Vista SP2/Server 2008 SP2
3. Announcement No.: MS09-052
Knowledge Base No.: KB974112
Announcement Summary: Fixes a privately reported vulnerability in Windows Media Player. If Windows Media Player 6.4 is used to play a specially crafted ASF file, this vulnerability may allow remote code execution.
Highest security level: serious
Impact scope: WMP 6.4 on Windows 2000 SP4/XP SP3/Server 2003 SP2
4. Announcement No.: MS09-053
Knowledge Base No.: KB975254
Announcement Summary: Fixes two publicly disclosed vulnerabilities in the FTP service of Microsoft Internet Information Services (IIS) 5.0/5.1/6.0/7.0. In IIS 6.0, only the FTP Service is affected. These vulnerabilities may allow remote code execution on systems running the FTP service on IIS 5.0, or denial-of-service (DoS) attacks against systems running the FTP service on IIS 5.0/5.1/6.0/7.0.
Highest security level: Important
Impact scope: IIS 5.0/5.1/6.0/7.0
5. Announcement No.: MS09-054
Knowledge Base No.: KB974455
Announcement Summary: A cumulative security update for Internet Explorer that fixes three privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. If a user views a specially crafted webpage in IE, all of these vulnerabilities may allow remote code execution.
Highest security level: serious
Impact scope: IE 5.01/6 SP1 and IE6/7/8
6. Announcement No.: MS09-055
Knowledge Base No.: KB973525
Announcement Summary: Fixes a privately reported vulnerability, currently being exploited, that is common to multiple ActiveX controls. The vulnerability affects ActiveX controls compiled with vulnerable versions of the Active Template Library (ATL), and may allow remote code execution if a user views a webpage in IE that instantiates such a control. Attacks against this vulnerability have already been launched, but the impact scope is not large.
Highest security level: serious
Impact scope: from Windows 2000 SP4 to Windows 7/Server 2008 R2