SECURITY
Microsoft releases a slew of security fixes
15-08-2007
by Ciara O'Brien
Microsoft released another bumper crop of security patches on Tuesday, in what analysts are calling one of the most significant security updates so far this year.
In all, 14 flaws were fixed in nine security updates included in the tech giant's regular "patch Tuesday" update. Eight of the security holes were rated as "critical" -- Microsoft's most serious ranking. Four of the vulnerabilities were classed as "important", the next rating on the scale, while the final two were classed as "moderate".
The security flaws were contained within Windows, Internet Explorer and Microsoft Office software. The vulnerabilities affect users of Microsoft's operating systems including Microsoft Vista, although the newer versions of the programs appear to be less seriously affected by the flaws.
Windows XP and Windows 2000 got most of the attention from the update, with five and four of the critical bulletins applying respectively. Vista, on the other hand, warranted just two.
One flaw, considered the most serious by some industry experts, affects how Windows' Graphics Rendering Engine deals with specially-crafted images. Users who are vulnerable to the flaw could see their systems hijacked by an infected image contained within an e-mail attachment. However, Vista and Windows 2003 Server Service Pack 2 were not affected by the security hole.
Another bug, found in Microsoft XML Core Services, could leave users open to exploitation by malicious websites, while a flaw found in Object Linking and Embedding (OLE) could allow attackers to run malicious code on machines.
"This security update addresses the vulnerability by adding a check on memory requests within OLE automation," Microsoft said.
Two flaws, classed as "important", were discovered in Windows Media Player. "These vulnerabilities could allow code execution if a user viewed a specially-crafted file in Windows Media Player," Microsoft said. Meanwhile, several vulnerabilities in Windows Gadgets were addressed; these flaws could potentially leave users exposed to malicious RSS feeds, contacts files or Weather Gadget links.
The biggest batch of patches this year was released in February, when 20 vulnerabilities were fixed in a security bulletin that consisted of 12 patches.

