EmailSafety.net - Microsoft warns of monster patch day next week

Microsoft warns of monster patch day next week

Anti-Spam Software

What is Spam?

Spam Laws

Spam Facts

User Tips

Common Email Scams

What Are Visuses?

Virus Prevention Tips

Anti-Virus Software

Basic Tips

Recent News

Microsoft Thursday said it will issue eight security updates on Tuesday, the most since October 2008, to patch problems in Windows, Internet Explorer (IE), DirectX, Excel, Word, and the company's security software.

Slideshow: 10 breakthroughs in IT security

Five of the eight updates will be labeled "critical," Microsoft's highest ranking in its four-step threat system, Thursday's notice said, while two will be pegged "important," the next rating down, and one marked "moderate."

"It's going to be a difficult month to set priorities for patching," argued Andrew Storms, director of security operations at nCircle Network Security Inc. "There are updates for Windows, one that's critical across the board, a browser update that affects everyone and an Office update. That's a lot of different groups to juggle."

Related Content

Five of the eight updates will address flaws in Windows, with other updates tackling vulnerabilities in IE, Excel and the Internet Security and Acceleration (ISA) server software. Three of the five Widows updates have been tagged critical, as have the IE and Excel updates.

The Excel update is probably a patch for the vulnerability in the spreadsheet program that Microsoft acknowledged nearly two months ago, said Storms. In late February, Microsoft issued a security advisory warning users that attacks were already in circulation, adding that all supported versions of Excel, including the latest -- Excel in Office 2007 on Windows and in Office 2008 for the Mac -- were affected.

At the time, Microsoft told users they could protect themselves by blocking Excel files from opening, a process that requires editing the Windows registry, or by running Excel 2003 documents through the Microsoft Office Isolated Conversion Environment (MOICE), a tool the company launched in 2007.

Microsoft did not patch the Excel bug last month when it released its regularly-scheduled updates on March 10. "Nothing else here maps to any known vulnerabilities," said Storms.

The IE update will patch all currently-support versions of the browser, including IE 5.01, IE6 and IE7, and was marked critical for all editions when running on the Windows client.

One of the five Windows updates is similar, in that it has been labeled critical for all versions, including Windows 2000, XP, Vista, Server 2003 and Server 2008. "It's a big call-out whenever something's critical for Vista and Server 2008," said Storms, because that means the bug is in the software Microsoft considers its most secure.

For more enterprise computing news, visit Computerworld. Story copyright Computerworld, Inc.

Recent News:

· Feds draw a bead on Russian behind Mega-D botnet
· Ransomware Attack Resurfaces to Hold Files Hostage
· Adobe Reader X Makes PDF Files Safer
· PayPal Users Beware of Holiday Phishing Scam
· McAfee Reports Malware at All-Time High

Site Map | Recent News | Related Sites