
Microsoft’s ‘Patch Tuesday’ Without Word Flaw Update

On Tuesday, December 12, 2006, Microsoft released seven 'security updates' along with patches for 11 security flaws in the U.S. Most of these vulnerabilities affect the 'Windows operating system'. Earlier, the software vendor had planned six updates, but later added a seventh one to plug two holes in 'Windows Media Player' (WMP).

The WMP flaw can let an attacker plant a malicious '.asf' or '.asx' file in a Web page or e-mail, which would enable the attacker to acquire full control of a system and execute malware on it.
However, in this 'security bulletin cycle', Microsoft issued no update for the 'Word security flaws'. Malicious software can exploit these flaws to access computers. The Word vulnerability affects a minimum of nine versions of 'Word' and 'Microsoft Works'. Security firm 'Secunia' has rated this vulnerability "extremely critical".

The Word exploit could let an attacker run malware on a user's system from a remote location. Security experts advise users to refrain from opening or saving any Word documents that arrive either from untrusted sources or unexpectedly from trusted sources.
Amol Sarwate, Manager, Vulnerability Labs, Qualys, thinks there would be an 'out-of-band' patch, given the severity of these vulnerabilities and the abundant use of Word everywhere.

It seems Microsoft was short of time to incorporate these flaws into its 'patch cycle'. This reflects a trend of hackers releasing zero-day exploits on the eve of the 'Patch Tuesday cycle', which leaves Microsoft short of time to address them.

Out of all the software patches that Microsoft released, three carried a "critical" rating. These patches plug holes in Microsoft's 'Internet Explorer Web browser', its 'Windows Media Player program' and 'Visual Studio 2005 development software'.

Microsoft labeled a flaw in the 'Outlook Express e-mail client' as "important". Though the company rates the SNMP vulnerability "important", it is very serious for business users, stated Gunter Ollmann, Director, 'IBM Internet Security Systems X-Force Unit'.

Microsoft delivers the fixes via 'Automatic Updates in Windows' that are available on its Website.


» SPAMfighter News - 12/16/2006
