Microsoft Delivers a Plethora of Patches

After almost no fixes last month, the company turns out 11 security bulletins, calling six of them "critical."

By  Andy Patrizio | Feb 13, 2008
Print ArticleEmail Article
  • Share on Facebook
  • Share on Twitter
  • Share on LinkedIn

Following its meager security updates in January, Microsoft came back with a huge release for February. The company released 11 security bulletins containing 17 fixes.

If there's any good news in this haul of fixes, it's that only six of the 11 bulletins are listed as "critical," and the five other fixes as "important."

Of the six critical fixes, Jonathan Bitle, manager of technical accounts for security provider Qualys, said MS08-010 stands out because it addresses four severe HTML issues in Internet Explorer. The vulnerabilities in –010 would allow a specially crafted page to perform remote code execution on the user's system.

This vulnerability affects IE from version 5.01 up to 7. "Because it affects so many systems and doesn't require doing anything more than visiting a malicious site, that worries us," Bitle told InternetNews.com.

"Most organizations these days have a fairly good security practice about not opening unknown files from unknown users," he added. "But visiting Web sites that can be exploited is still a biggest area of concern. Here you have a remote code execution with no user interaction. Keeping your users from visiting sites like this is especially difficult."

Three of the critical fixes, –MS08-008, -012 and –013, are in Microsoft Office 2000, XP and 2003, and Office for Mac 2004. The fixes do not affect the recently released Office 2007 and Office for Mac 2008. All can allow for remote code execution. The final critical fix, -007, is critical only to Windows XP and Vista but labeled important for Windows Server 2003.

Among the important fixes are two vulnerabilities to a denial of service (define) attack that could cause the systems to restart (MS08-003 and –004). Two others affect Internet Information Services (IIS): One allows an attacker to execute arbitrary code in the context of local system (-005), and the other provides elevated user privilege (-006).

Finally, MS08-011 covers three vulnerabilities in Microsoft Works File Converter, which could allow an attacker to take control of a system.

Today's bulletins also do not affect Windows Vista SP1 and Windows Server 2008.

As with all patch releases, Microsoft has updated its Malicious Software Removal Tool -- this time to recognize the Win32/Ldpinch strain of password stealers.

Symantec calls the malware, which dates back to 2006, a low risk.

Microsoft will host a Webcast on Wednesday, Feb. 13 at 11 a.m. Pacific time to discuss the fixes.

Article courtesy of InternetNews.com

Comment and Contribute
(Maximum characters: 1200). You have
characters left.
Get the Latest Scoop with Enterprise Networking Planet Newsletter
Helpful Links

  • Yankee Group Mobile WAN Optimization Report

    Mobile work continues to evolve. Your organization must keep up with the demands of its mobile workforce. This report introduces the concept of mobile WAN optimization and provides three case studies including RCM, PRTM and Einstein that highlight how this emerging technology can help IT departments achieve what previously appeared to be conflicting goals. Read >

  • Network Security Resources

    More threats than ever before pose a danger to today's enterprise network. Get the latest tips and intel on the newest risks in our guide to network security resources. Read >

  • Extreme Savings: Cutting Costs with WAN Optimization

    Did you know it's possible to cut IT costs without impacting day-to-day IT operations? In fact, when you download this whitepaper from Riverbed on cost-savings through WAN optimization, you'll discover how businesses of all different sizes have realized a return on investment in just a few months through significant hard cost savings in areas such as bandwidth reduction and IT consolidation. It's called Extreme Savings and its only from Riverbed. Read >