Microsoft's Mega Batch Of Patches, The Second Largest In 2007 - InformationWeek

Researchers are calling this a massive bundle of patches, fixing bugs that will affect anyone using Windows.

IT managers and techs may want to reschedule any plans they had for fun in the sun for the rest of the week.

In its monthly Patch Tuesday release, Microsoft issued the second-largest bunch of fixes this year -- patching vulnerabilities that will affect anyone using Windows, according to Amol Sarwate, manager of the Vulnerability Research Lab at Qualys.

Microsoft released nine security bulletins, fixing a total of 14 vulnerabilities. Eight of the bugs are critical; four are rated important, which is the next rung down on the risk scale; and two are rated moderate. The fixes address flaws in Windows, Windows Media Player, Windows Gadgets, Office, Excel, Internet Explorer, Visual Basic, Virtual Server, and Virtual PC.

"Today was the biggest patch day in the last five or six months," said Sarwate, noting that the patches affect three or four core components. "We haven't seen this many critical patches since February. And we have the largest amount of applications affected. Anyone using Windows will be impacted by this."

Symantec Security Response rated the Cumulative Security Update for Internet Explorer as the most critical, since two of the vulnerabilities affect Internet Explorer version 6 and version 7 on Windows 2000, Windows XP, Windows Server 2003, and Windows Vista. A successful exploit, which would most likely be delivered via a malicious Web page, could enable a hacker to remotely install malicious code.

Symantec researchers also noted the vulnerability being patched in the Windows Graphical Device Interface (GDI), which is designed to enable applications to use graphics and formatted text. The bug affects Microsoft Windows 2000, Windows XP, and Server 2003.

The client-side flaw, they reported, is in the GDI graphics rendering engine library. It could be triggered by a malicious Windows Metafile. The bug could be exploited by a malicious Web page or an HTML e-mail, and it would allow an attacker to install malicious code on the victim machine.

Researchers at McAfee noted that this month's batch of patches highlights a new problem -- using malicious RSS feeds to attack Windows Vista.

One of the nine bulletins released today reported that an attacker could remotely run code on a system if a user subscribes to a malicious RSS feed in the Feed Headlines Gadget or adds a malicious contacts file in the Contacts Gadget or clicks on a malicious link in the Weather Gadget. Microsoft noted that this is an important security update for all supported editions of Windows Vista.

"Many of the vulnerabilities addressed by Microsoft's fixes could be exploited if a Windows user simply visits a malicious Web site," said Dave Marcus, security research at McAfee Avert Labs. "Microsoft's patches again underline the trend of malware writers seeking out the Web browser as a means of attack and reinforce the need of safe browsing habits."

Microsoft's other mega batch of patches came in February when the company fixed 20 vulnerabilities with 12 patches.
