SECURITY
Microsoft patches 19 critical flaws
09-05-2007
by Ciara O'Brien
They may have been available for only a matter of months, but Microsoft is already patching critical flaws in its 2007 suite of products.
In total, 19 flaws were patched in the latest security update. The vulnerabilities affect Windows 2000, XP and the new Vista operating system, which was designed to be more secure and stable than its predecessors.
This month's "Patch Tuesday" security update, which is issued on the first Tuesday of every month, includes seven security bulletins as expected, covering Internet Explorer 7, Office 2007 and Exchange 2007.
The "critical" rating of the seven bulletins is the highest Microsoft issues. The flaws could be used by an attacker to take control of an affected system with little action required by the user.
Internet Explorer has been hit by six flaws, while the security bulletins also patch vulnerabilities in the Windows DNS (Domain Name System) server.
Three updates tackle flaws discovered in Office applications. Four flaws, meanwhile, have been identified in Exchange, including Exchange 2007. The Exchange 2007 vulnerability could compromise a system running the software without any user intervention.
The fixes also include patches for three "zero-day" vulnerabilities, including the DNS flaw, which affects Windows 2000 Server and Windows Server 2003, and two affecting Internet Explorer and Word. The DNS and Word flaws have already been used in attacks, Microsoft admitted.
The good news for consumers is that the majority of the vulnerabilities are only a problem if a user opens a malicious file or visits a website that exploits the flaws.
"If a user is logged on with administrative user rights, an attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system," Microsoft warned in the bulletin.
"An attacker could then install programs; view, change, or delete data; or create new accounts with the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights."
However, the news of the flaws affecting Vista is a blow for the tech giant, although some of the vulnerabilities appear to be less severe in the new operating system than in older incarnations of Microsoft's products. Regardless, it seems that Microsoft is having a tough time living up to Vista's promises of added security and stability.

