A Dozen Microsoft Security Bulletins for February
Microsoft is considering issuing twelve security bulletins in the coming week, the software giant said on February 7, 2008. These patches are going to be released on February 12, 2008.
Director of Security Operations, Andrew Storms, at nCircle Network Security Inc., said that there is no single Windows store in the world that will not require to install at least one fix from this lot. A big chance, however, prevails that everyone would be using all 12. ComputerWorld reported this on February 7, 2008.
Redmond will release 7 bulletins to correct "critical" flaws and 5 to correct bugs rated "important", second highest alert rating of Microsoft.
The important fixes address Denial of Service (DoS), execution of remote code, and unauthorized privilege elevation across a number of Microsoft software, including rather unusually, Microsoft Works - the home productivity package. Those Microsoft products that are affected are Internet Explorer, Active Directory, IIS, ADAM, Office, VBScript, JScript, Visual Basic, Works, Works Suite, and Windows.
One out the total "critical" patches is set to close a severe flaw in Internet Explorer. It impacts every edition of Internet Explorer and all operating systems, said Manager of the Information and Data Team, Jason Miller, at Shavlik Technologies, provider of software for patch management. SCMagazine reported this on February 7, 2008. Miller added that there is possibility of the presence of exploits.
Additionally, the software giant plans to repair a bug in Microsoft Office 2004 for Mac. Although Microsoft hasn't yet described this vulnerability, it probably is linked to the Excel flaw that emerged during the middle of January 2008.
However, the software company stated through its security advisory on January 15, 2008 that an investigation is ongoing since reports came in about vulnerability in various Microsoft suites. These include Microsoft Office Excel Viewer 2003, Microsoft Office Excel 2003 Service Pack 2, Microsoft Office Excel 2002, Microsoft Office Excel 2000, and Microsoft Excel 2004 for Mac.
There are also investigations ongoing for reported flaws inside third party ActiveX controls. Security Response Communications Manager, Bill Sisk, for Microsoft noted that the company in 2007 published a template for SiteLock to prevent misuse of ActiveX controls.
Related article: A New "Blackmailing" Variant Creeps Around…
» SPAMfighter News - 12-02-2008