Microsoft’s ‘Patch Tuesday’ Without Word Flaw Update
On Tuesday, December 12, 2006, Microsoft released seven 'security updates' along with patches for 11 security flaws in U.S. Most of these vulnerabilities affect the 'Windows operating system'. Earlier, the software vendor had thought of developing six updates, but later added a seventh one to plug two holes in 'Windows Media Player' (WMP).
The WMP flaw can let an attacker to plant a malicious '.asf' or '.asx' file in a Web page or e-mail that would enable the attacker to acquire full control of a system and execute malware on it.
The Word exploit could let an attacker to run malware on a user's system from a remote location. Security experts advise users to refrain from opening or saving any Word documents that either arrives from un-trusted sources or unexpectedly from trusted sources.
It seems Microsoft was short of time to incorporate these flaws into its 'patch cycle'. This shows the trend in release of zero-day exploits by hackers on the eve of the 'Patch Tuesday cycle', so Microsoft faces a shortage of time to address them.
Out of all the software patches that Microsoft released, three carried a "critical" rating. These patches plug holes in Microsoft's 'Internet Explorer Web browser', its 'Windows Media Player program' and 'Visual Studio 2005 development software'.
Microsoft labeled a flaw in the 'Outlook Express e-mail client' as "important". Though the company rates the SNMP vulnerability "important", it is very serious for business users, stated Gunter Ollmann, Director, IMB Internet Security Systems X-Force Unit'.
Microsoft delivers the fixes via 'Automatic Updates in Windows' that are available on its Website.
Related article: Microsoft Patches Live OneCare to Tackle Quarantined E-Mails
» SPAMfighter News - 16-12-2006