Microsoft issues four critical patches

gallery

Microsoft late yesterday issued 11 security bulletins as part of its regular monthly patching cycle, including four critical patches for mission-critical systems.

As suggested by last Friday’s preview, the products affected by the critical vulnerabilities include Active Directory, Internet Explorer, Host Integration Server and Excel.

Andrew Clarke, International senior vice president of Lumension Security, pointed out that the four critical updates deal with remote code vulnerabilities on Windows and Excel 2000, Internet Explorer 6 (IE6) and Microsoft Host Integration Server.

“These vulnerabilities could potentially allow unrestricted access to sensitive databases and need to be treated very seriously,” he said.

The Windows Active Directory and Excel Bulletins would be particularly critical for organisations running Windows 2000 and Office 2000 as implementations of these versions of the Microsoft products are extremely common.

Clarke added that special attention was needed in these instances as many users are still using their Active Directory and Office on the Windows 2000 platform. “Moreover, the Office issues also impact MAC users that have Office for the Mac 2004 and 2008,” he added.

Security experts also called out the Windows IE6 critical patch, again because it is still widely deployed within organisations. The flaw affected multiple versions across multiple platforms, which Clarke said could “spell trouble for IT administrators”.

“It is not as simple as patching IE for XP or Vista as it impacts 2000, XP, Vista as well as Microsoft Windows Server 2003 and 2008,” he said.

And the vulnerability affecting Windows Host Integration Server (HIS) – a gateway application between Microsoft networks to IBM mainframe and AS400 environments – should be patched as a matter of importance by any organisation using this kind of environment, as a hacker who gains control of the flow of data through the HIS can access some of their more closely guarded systems.

“The broad target range of this month’s vulnerabilities emphasises the need for IT departments to adopt multi-platform patch and vulnerability management solutions,” concluded Clarke.

In addition to the four critical patches, six were listed as important and one as moderate, affecting more versions of Windows, Excel, and Internet Explorer.

Microsoft also launched a new Exploitability Index to help administrators prioritise patch deployments according to the likelihood of functioning exploit code being released for each of the security updates.

Email to a friend

Print this page