Bumper set of security patches from Microsoft
By Miya Knights,
School’s not out for IT administrators, as Microsoft released a bumper crop of updates, patching 26 vulnerabilities late yesterday - the highest number addressed by its monthly round of security patches in two years.
The update includes six critical and five important patches, as previewed last week, ensuring the August summer holidays will be a busy time for IT security administrators, just like last year.
“This is a mammoth ‘Patch Tuesday,’ and we have not seen anything of this scale in a long time,” said Karthik Raman, a McAfee researcher.
The six critical patches have been given the software vendor’s highest security rating because the vulnerabilities could allow attackers to take complete control remotely over a computer running the vulnerable software.
“Many of the vulnerabilities addressed by the fixes could be exploited if a Windows user simply views a malformed image or visits a malicious website, a favourite attack method among cybercriminals,” Raman said.
The majority of the vulnerabilities addressed by the August security bulletin can be exploited through malicious websites or by tricking a computer user into opening a rigged image or Office file.
And two of these – MS08-041 and MS08-042 – cover vulnerabilities that had already been publicly disclosed and are actively being used in cyberattacks.
McAfee recommended organisations prioritise the updates that fix the image processing flaws (MS08-044) and the Internet Explorer update (MS08-045), because it said attackers were more likely to take advantage of these vulnerabilities in new attacks.
Andrew Clarke, Lumension Security international vice president, focused on the breadth of affected software products that will affect both desktops and servers: “All six critical patches are identified as fixing vulnerabilities relating to Microsoft Windows, Internet Explorer, Media Access Player, Access, Excel, PowerPoint and Microsoft Office,” he said.
Clarke urged IT departments to act quickly and carefully assess which patches should receive priority.
“Looking at the impact on IT groups managing servers, critical updates will be issued that apply to Windows 2000, 2003 and 2008, he advised. “For those managing desktops, critical updates will be released for XP, Vista, Office 2000, Office XP and Office 2003.”
He also highlighted another vulnerability for users of Windows Messenger: “MS08-050 is concerning as it allows unauthorised access to a user’s messenger account,” added Clarke.
Related Tags
advertisement
Latest Security Features
How to be a successful online fraudster
Ever wanted to know how easy it is to be an identity thief and earn a fortune? IT PRO reveals all…
- What you need to know about ID cards
- Lessons to learn from a year of data breaches
- Q&A: DNS inventor Paul Mockapetris
- Is the password ill-equipped for the modern world?
- Why is backing up given short shrift?
- Defending Europe against cyber attack
- The present and future of IT security
- I’m an IT manager, get me out of here!
- IT around the world: Russia
Latest Security Reviews
Fortinet FortiGate-3810A
Rating: ![]()
- Clearswift MIMEsweeper Web Appliance ENW
- NetASQ U6000 UTM appliance
- AVG Internet Security SBS Edition 8.0
- Finjan Vital Security Web Appliance NG-6000S
- LogLogic MX2010
- Exclusive: WatchGuard Firebox Core X750e
- Sophos ES4000 Security Appliance
- Microsoft Forefront Security for Exchange and SharePoint
- EXCLUSIVE: Juniper Networks SSG 550 UTM appliance
advertisement
Latest News Videos in Security
Video: Eugene Kaspersky outlines security threats
IT PRO speaks to Eugene Kaspersky, chief executive and founder of Kaspersky Lab.
White papers
Want more background on today's hottest IT trends?
Visit IT PRO's white paper library for more on virtualisation, encryption and other topics.
Register for IT PRO
You'll get exclusive member benefits including free white papers, downloads, Webinars and weekly newsletters full of the latest IT PRO news, reviews, insight and expertise.



Social Bookmark this article: What is this?