Microsoft September Updates Less Serious

Microsoft Corp. issued 4 security updates on September 11, 2007 that fixed only four flaws in Visual Studio, the MSN, Windows, and Windows Live Messenger programs setting a record in 2007 for patching the least number of flaws in a month's bulletins.

The month is very light in terms of security flaws, therefore, there is low concern regarding them, said Tom Cross, a researcher on exploits at the Internet Security systems at IBM. He told this to SCMagazineUS.com that published it on September 11, 2007. The reason for the subdued concern is that the issues are not extraordinary or very different from those of the previous months.

However, people should urgently patch the Windows Agent vulnerability with MS07-051, Cross said. This flaw exists in an ActiveX control component that weakens animations in Windows programs. By exploiting the flaw, it could be possible to compromise computers running Windows 2003 SP4 under specific situations.

The Security Response group of Symantec has rated the Microsoft Agent ActiveX vulnerability as "critical" because users widely adopt the ActiveX controls in various applications. Symantec has seen a significant rise in ActiveX flaws in 2007, said Ben Greenbaum, Senior Research Manager, Symantec Security Response. SCMagazineUS.com reported this on September 11, 2007.

This is the second time that Microsoft had to mend a critical flaw in Microsoft Agent. Earlier in April 2007, the company patched a similar bug that created problems for Windows XP users.

With the public disclosure of both Windows Services and MSN Messenger for Unix vulnerabilities in August 2007, it is important to address them on priority, said Amol Sarwate, Manager of Qualys' vulnerability research lab. InfoWorld reported this on September 11, 2007. While they were in experts' knowledge for sometime, their consideration especially in MSN flaw is important, he said.

When users of Windows Live Messenger and MSN Messenger connect with the Instant Messaging services, Microsoft would prompt them to upgrade their programs, the company said via its security update notes. The flaw would not affect Windows Live Messenger 8.1 or MSN Messenger 7.0.0820, Microsoft said.

Sophos recommends organizations to install the patches on an urgent basis.

Related article: Microsoft Patches Live OneCare to Tackle Quarantined E-Mails

» SPAMfighter News - 9/24/2007