Parting Ceremony - Microsoft to Release 7 Patches on Dec 11
The software giant Microsoft Corp. has decided to bid adieu to the year with a blast by slating seven security patches for December 11 to plug the vulnerabilities in Internet Explorer (IE) and Windows.
Two of the patches (rated 'critical') fix flaws in the whole range of supported editions of Windows OS (Operating System). The security patches takes care of components subsuming Windows Media Format Runtime, DirectX, and DirectShow. The third fix (also rated as 'critical') is for editions 6 and 7 of IE browser.
The year old OS, apparently touted as the most secure OS ever by Microsoft, Windows Vista, will be impacted by five out of the seven patches. According to the nCircle Inc's Director of security operations, Andrew Storms, this is not a small percentage, as reported by PC World on December 9, 2007. He added that it leads to the fact that although Microsoft called it secure, it still requires a lot of patches.
Four of the seven patches are under the bracket 'important'. These patches fix the holes in various versions of Windows, including Vista.
Like before, the company denied giving any further information in its advance notification. However, the synopsis of these flaws does disprove the recent announcement of Microsoft wrong that the volume of flaws in its OS is declining while that in applications is surging. In December, at least, the amount of flaws in Windows is dominating.
Microsoft has played it safe by releasing a fix for a security hole in Macrovision's copy protection software, SafeDisc too. This software comes integrated with Windows 2003 and XP and was not included in the patches released in the last month.
It is also likely that another plug will consist a flaw in Web Proxy Autodiscovery (WPAD), a Windows feature that supports IT administrators to automate proxy settings configuration.
Microsoft fixed the flaw in 1999 for all the users whose machines run on domains that were subsumed in .com top-level domain. As per the researchers at a security conference held recently in New Zealand, the flaw, however, remained for a user who relies on some 'non-.com' domain, comprising of the domains specific to countries also, like .nz (New Zealand) and .eu (European Union) or top-level domains for general purpose, like .net and .org.
» SPAMfighter News - 11-12-2007