Microsoft fixes nine Office and Windows bugs
By Miya Knights,
Microsoft has released six security updates as part of its monthly patching cycle, fixing critical flaws in a number of key products.
The 'Patch Tuesday' updates released yesterday fix nine bugs in products including Word, Outlook Express and Internet Explorer (IE) and the Kodak image viewer bundled with Windows. Out of these, four were rated 'critical,' while 'important' fixes also related to Windows SharePoint collaboration software and Windows remote procedure call (RPC) protocol.
Among security experts, the general consensus is that the Word vulnerability the patches address should a priority. A Microsoft security programme manager said in a blog that this is because, although the issue has not been publicly disclosed, the vendor was aware of a "very limited and targeted number of attacks". The flaw can allow a hacker to get unsuspecting users to open Word documents.
The Windows RPC flaw is significant for the fact that, although the flaw cannot allow unauthorised software to run on a victim's PC, attacks targeting this execution protocol through denial of service attacks (DoS) have been used in the past as the source for some of the most damaging computer worms, like 2003's Blaster.
The IE patch fixes four bugs in the Microsoft browser and are rated critical given the fact that they affect core operating system (OS) files and their likelihood in being used as in internet-based attacks.
Alan Bentley, regional vice president of Lumension (formerly PatchLink) felt the IE bugs should also be a priority for administrators. "If you were to only adopt one patch this month, this is it," he said.
"Organisations and consumers alike should focus on [the cumulative update] given the pervasiveness of IE. The reality of the vulnerability is that you may think you've left a site, but to all intents and purposes you remain on that site.
He also said the DoS vulnerability rated as 'important' has the potential to enable hackers to cripple internet-facing Microsoft servers. "Any organisation with externally facing Microsoft web servers should take a very close look at the MS07-058 bulletin."
Microsoft released one less patch than it had originally planned, according to its pre-Patch Tuesday release schedule outlined last Thursday. An unidentified flaw in Windows 2000 and Windows Server 2003 that could be used for 'spoofing' was withdrawn because of 'quality control issues' according to the vendor.
Nevertheless, Lumension's Bentley said that although the release of four critical patches would attract most attention, he also pointed to Sun as another vendor releasing a slew of patches this week, which means "IT administrators cannot just stop at updating Microsoft".
You may also like...
Sponsored Links
advertisement
You may also like...
Latest Security Analysis & Insight
What is your password worth?
Would you be tempted to sell off company passwords for a fee? If not, seems like you're in the minority, acccording to research.
- Macs under attack?
- Intel: security inside
- Are you spending too much on IT security?
- Does the government want to snoop on your data?
- Eurocrats versus the cyber criminals
- The truth about spam
- Google and privacy: What’s the problem?
- Q&A: Symantec’s CISO on the source code hack
- RSA: Back from the breach?
Latest Security Reviews
Check Point 2210 Appliance review
Rating: ![]()
advertisement
Most popular
- Apple iPad 3 vs iPad 2 head-to-head review
- Hutchison denies it will pull plug on Three UK
- EMC World 2012: Tucci declares Documentum is here to stay
- ICO: Fines for cookie law breakers
- EMC World 2012: EMC talks up cloud, security and big data
- Dell PowerEdge R820 review
- Sony Vaio T13 Ultrabook review: First look
- BlackBerry 7 OS certified to carry 'Restricted' UK government information
- Facebook floatation marred by Nasdaq glitch
- CIO: Career is over?
Latest News Videos in Security
IT PRO Podcast: Are UK data protection laws flawed?
We bring in two experts to talk about the problems with UK data protection law and the way it is managed.
Register for IT PRO
You'll get exclusive member benefits including free whitepapers, downloads, Webinars and weekly newsletters full of the latest IT PRO news, reviews, insight and expertise.





