If you're prepared to put up with the misses HP's new UMPC still delivers some real hits. »more
Light month for Microsoft security
12-09-2007
by Ciara O'Brien
It was a light 'Patch Tuesday' for Microsoft this month, with only one critical flaw identified in the tech firm's regular security update.
In fact, the monthly update -- issued on 11 September -- included patches for only four flaws, a record for 2007. The fixes were for vulnerabilities discovered in Windows, Visual Studio and the MSN and Windows Live Messenger software.
The most serious flaw was discovered in Microsoft Agent, which could allow a malicious user to attack a machine using remotely executed code.
Although rated only as "important", the flaw found in the Messenger software has already been the subject of exploit code published on the internet. Users who are fooled into accepting a webcam or video chat from a malicious user can find their systems hijacked by rogue code.
Another flaw, affecting Visual Studio, required users to open an RPT file to trigger the remote code execution, while Windows Services for UNIX 3.0, Windows Services for UNIX 3.5, and Subsystem for UNIX-based Applications were hit by the fourth vulnerability. A fifth patch had been expected, but was unexpectedly left out of the bundle.
The light patch bundle makes a change from recent months, when Microsoft hit record highs for 2007. The biggest batch of patches this year was released in February, when 20 vulnerabilities were fixed in a security bulletin that consisted of 12 patches. A significant security update was also released in August, when 14 flaws were fixed in nine security updates. Eight of these security holes were rated as "critical".
Meanwhile, voice over IP firm Skype is experiencing some problems of its own, with an infected JPEG image spreading a worm via its instant messaging system. The worm, which is known as W32.Pykspa.D or W32/Skipi.A, is spreading to users' machines through a link to a JPEG file. If users click on the link, they view a bitmap of bubbles -- a Windows default bitmap graphic -- and are more than likely infected by the worm.
Once compromised, infected machines begin to send the worm to other Skype users. The worm also tries to close down security software and block updates to antivirus programs.
• Microsoft releases a slew of security fixes
• Microsoft to patch critical trio
• Microsoft patches 19 critical flaws
• Microsoft patches six critical flaws
Related Events
• Web Application Security Course
• 2008 Conference European Spreadsheet Risk Interest Group (EuSpRIG)
• Fundamentals of Forensics Course
• Virtualisation and how it can make your business even more competitive
• Introduction to IT Security for Internal Audit
Microsoft » Create Alert
Security » Create Alert
Virus » Create Alert
» Define your own keyword alert
• Eircom nets EUR10m deal with Tesco
• For the record 1 July
• Google gets map happy with Tele Atlas
• Google plugs YouTube into PS3
• In the papers 1 July
• Meteor glows brightly in Eircom results
• Vodafone wins 10 iPhone contracts
• Scareware runs amok on PlayStation site
• Government outlines key broadband targets
• Email: The tip of the cloud iceberg?
• SunGard buys Irish firm Delphi
• In the papers 3 July
• For the record 2 July
• DoJ to probe Google-Yahoo deal
» Read More
If you've come to rely on the web to secure business in Europe you may be interested to note that Blacknight is claiming to be the first Irish company accredited » Read more
Sign up free, click here
To change your ENN Newsletter and alerts preferences here
Science courses continue to prove unpopular with students, but some new initiatives are trying to change that trend.
» Read more
Do you need
skilled writers to put together compelling prose for your company? Why not
check out the new-look corporate services site from ENN and see how we can
put our skills to your use.»more
International Trade Skillnet Online Market Course
9am, Europa Academy, Swords
» View more events
» Post your event on ENN
