Sponsor for PC Pals Forum

Author Topic: Microsoft Releases Massive Set of Security Updates  (Read 580 times)

Offline Clive

  • Administrator
  • *****
  • Posts: 75153
  • Won Quiz of the Year 2015,2016,2017, 2020, 2021
Microsoft Releases Massive Set of Security Updates
« on: February 13, 2008, 20:33 »
Microsoft released 11 security updates today that fix critical flaws in its products, including a publicly known ActiveX bug that affects users of the Visual FoxPro database.

In total, 17 individual software flaws were patched in the updates. Microsoft rates six updates as critical, meaning they should be installed as soon as possible, while the remaining five updates are considered "important." Last month was an easier month on IT administrators, when Microsoft released just two updates.

Microsoft surprised some by releasing one less update than expected. Last Thursday the software vendor had said that it was readying a fix for critical VBScript and JScript flaws in Windows 2000, XP, and Windows Server 2003. That update wasn't included in this week's patches, but Microsoft today wouldn't confirm that it had actually dropped the update because "this could put customers at risk," according a spokeswoman for the company's public relations agency.

IE Patch Critical
Security experts said Tuesday that the MS08-010 update, which fixes four bugs in Internet Explorer, should take top priority this week. "There are four vulnerabilities within that particular patch and all of them are remote-code executable," said Jonathan Bitle, director of technical account management with Qualys.

"The way we're looking at it, our prioritization would put MS08-010 at the top followed by MS08-007," said Don Leatham, director of solutions and strategy with Lumension Security.

MS08-010 fixes a publicly disclosed ActiveX bug that affects Visual FoxPro users. Although hackers have already posted code showing how to exploit this vulnerability, the buggy ActiveX control is not included in Internet Explorer 7's default list of controls, so the flaw should not affect most users.

The MS08-007 update fixes a critical flaw in the Windows XP and Vista WebDAV redirector software. WebDAV is a Web-based document sharing protocol. The flaw is rated important for Windows Server 2003 users.

Microsoft Office Fixes
Microsoft's Office products are also a major source of patches this month.

Tuesday's updates include critical fixes for Microsoft Word, Office Publisher and in Office itself.

There is also a critical update for Windows' Object Linking and Embedding (OLE) Automation software.

The remaining updates, rated important, are for Active Directory, the Vista TCP/IP stack, the Microsoft Works file converter and two bugs in the Internet Information Services (IIS) Web server.

The Patch Tuesday updates show that client-side bugs continue to be a much higher risk than server-side vulnerabilities, said Andrew Storms, director of security operations with nCircle. "One would have assumed that the IIS and Active Directory vulnerabilities would have been the most serious because they stand at the core of an enterprise and provide more critical services" he said via instant message. "But with this month's patches, the hacker's best bet is to take advantage of the client-side attacks."


Offline Simon

  • Administrator
  • *****
  • Posts: 77923
  • First to score 7/7 in Quiz of The Week's News 2017
Re: Microsoft Releases Massive Set of Security Updates
« Reply #1 on: February 13, 2008, 21:08 »
Just delivered.  :(
Many thanks to all our members, who have made PC Pals such an outstanding success!   :thumb:

Offline chorleydave

  • Forum Fanatic
  • ******
  • Posts: 5035
Re: Microsoft Releases Massive Set of Security Updates
« Reply #2 on: February 13, 2008, 21:29 »
Well, the way I read it, if you don't use Internet Explorer and aren't online when using Office (and why should you be) it isn't worth the risk of downloading these updates.  I certainly won't be turning on Automatic Updates, nor will I be downloading them manually.

Offline sam

  • Administrator
  • *****
  • Posts: 19977
Re: Microsoft Releases Massive Set of Security Updates
« Reply #3 on: February 13, 2008, 23:52 »
Quote
Office (and why should you be)

I'm always online. why would I not be? though i probably wont have these issues using linux :-D
- sam | @starrydude --

Offline chorleydave

  • Forum Fanatic
  • ******
  • Posts: 5035
Re: Microsoft Releases Massive Set of Security Updates
« Reply #4 on: February 14, 2008, 22:03 »
Yeah, I suppose many people are always connected.

I tend to switch off the PC when I'm out and then when I switch on I do non-internet stuff before I connect.

Each to his own I suppose.  :)


Show unread posts since last visit.
Sponsor for PC Pals Forum