Microsoft Patches 26 Flaws In a Single Day
In an interview, Alfred Huger, senior director of engineering at Cupertino, California-based Symantec Corp, informed that at least two of the vulnerabilities, one each for PowerPoint and Excel, were already exploited. So the program users must immediately enhance their security so as not to fall victim to hackers.
Microsoft's security web site provides the patches, which users can download for free. But as always, the method of setting computers to automatically download these types of fixes was not working on Tuesday. Microsoft said the problem was not with the security patches but with the system of automatic update itself.
According to Microsoft's Craig Gehere in a blog posting, the problem came up due to some network issues on the 'Microsoft Update base'. The security updates were not yet available to users of 'Microsoft Update', 'Automatic Updates', 'Windows Server Update Services (WSUS)' and 'Windows Update Version 6'. However, later that day, Gehere updated the blog to inform that the issue had been resolved. Some of the patches can be applied to Windows Vista as well and two to Office on the 'Apple Mac'. Although Apple patches are very important they are not critical. Four most critical updates are for the Office suite. All of the main Office products - Word, Excel and PowerPoint have serious flaws that could transfer entire control of the computer to an attacker on exploitation. One single update is capable to affect the complete Office suite.
Important updates were issued for previous flaw in WebViewFolderIcon control that is used in Windows Shell. For this, exploits have been since many weeks and for Windows XML parser.
Related article: Microsoft Patches Live OneCare to Tackle Quarantined E-Mails
» SPAMfighter News - 16-10-2006