Microsoft patches nine flaws in update
10-10-2007
by Ciara O'Brien
Microsoft has released six security bulletins for its software, but held back a patch that had been expected for an unnamed flaw in Windows 2000 and Server 2003.
The regular monthly 'Patch Tuesday' bulletin fixes nine security flaws, four of which have been rated as critical and affecting versions of Word, Internet Explorer, Outlook Express, and the Kodak Image Viewer.
Two fixes, rated as "important", cover Windows SharePoint and the remote procedure call (RPC). However, a further update for the Windows 2000 and Server 2003 flaw was pulled because of what Microsoft termed "quality control issues".
The critical flaw found in Word is causing particular concern as it has already been the subject of attack. Using a specially-crafted Word document, the flaw could be exploited for remote code execution, and has already been abused in the past, according to analysts.
The IE patch, meanwhile, is a cumulative update and covers a memory corruption in Internet Explorer that could lead to remote code execution, and also multiple address bar spoofing vulnerabilities. The spoofing flaw is of particular concern with regards to phishing attacks.
The vulnerability in Windows 2000's Kodak Image Viewer could allow hackers to take control of a user's PC, through the opening of an infected image. Although Microsoft says this flaw isn't being actively exploited, experts disagree and recommend that the patch be installed as quickly as possible.
Vista users will need to be mindful of this particular update too -- three of the patches affect users of the new operating system, including the RPC exploit, the IE patch and the security Update for Outlook Express and Windows Mail.
This month's patch bundle compares unfavourably to September when the 'Patch Tuesday' update identified only one critical flaw and included patches for only four flaws in total -- a record for 2007. The biggest batch of 2007 was released in February, when 20 vulnerabilities were fixed in a security bulletin that consisted of 12 patches. Running a close second was August's security update, when 14 flaws were fixed in nine security updates and eight of these security holes were rated as "critical".
• Light month for Microsoft security
• Microsoft releases a slew of security fixes
• Microsoft plans six critical patches
• Microsoft to patch critical trio
Related Events
• Introduction to IT Security for Internal Audit
Security » Create Alert
Microsoft » Create Alert
Patch tuesday » Create Alert
» Define your own keyword alert
• For the record 16 July
• For the record 17 July
• In the papers 16 July
• In the papers 17 July
• Rattleblog: Tales from the blogosphere
• Siemens gives Cork a jobs boost
• Sony PS3 movie downloads are go
• Microsoft widens its Live Mesh web
• Microsoft, Google disappoint analysts
• IBM misses memo on economic slowdown
• In the papers 18 July
• For the record 17 July
• Security heading for the cloud
• Nokia sees Q2 profit drop 61pc
» Read More
There's no question that people like a challenge. Especially so when there's a cash prize involved. That's why it's genuinely interesting to see what people » Read more
Sign up free, click here
To change your ENN Newsletter and alerts preferences here
Science courses continue to prove unpopular with students, but some new initiatives are trying to change that trend.
» Read more
Do you need
skilled writers to put together compelling prose for your company? Why not
check out the new-look corporate services site from ENN and see how we can
put our skills to your use.»more
Introduction to IT Security for Internal Audit
9:15am, Espion Training Centre
» View more events
» Post your event on ENN
