cracker
Posted October 11, 2005 (edited)

Microsoft Corp. released nine security patches Tuesday, including one for a flaw that could allow an attacker to create an outbreak similar to the Sasser worm that crippled computers worldwide.

The flaw in Microsoft's dominant Windows operating system was one of three that the Redmond-based software company said warranted its highest rating of "critical." All of them could allow an attacker to take complete control of another person's computer without that person's permission.

Microsoft also released six less critical updates for its Windows operating system, including one that also affects the company's Exchange Server product.

Marc Maiffret, an executive with eEye Digital Security Inc. of Aliso Viejo, Calif., said he expected the flaw that could create a Sasser-type outbreak to be exploited in some way. Maiffret, whose company discovered the flaw, said such an exploitation could be anything from a crude attempt that results in little disruption to a sophisticated, crippling attack.

Sasser snarled hundreds of thousands of computers, costing millions of dollars in damage.

___

On the Net: www.microsoft.com/security

Microsoft Issues 9 Security Patches

Microsoft Corp. today released nine updates to fix security holes in its Windows operating system, including three patches that earned Redmond's "critical" rating, meaning the company believes hackers could exploit them to take control over unpatched computers.

Among the critical patches is a bundle of fixes for Microsoft's Internet Explorer Web browser, which mends at least four security holes in the browser that purveyors of spyware will no doubt take advantage of on unpatched Windows machines in the near future.

There is also a patch to fix a critical problem in DirectShow, the video playback software bundled as part of Microsoft's DirectX graphics program. This flaw is present in every version of Windows going back to Windows 98.
The third critical patch fixes three separate security holes in the Microsoft "MSDTC and COM+ services." Never mind what those stand for or what they do, just patch if you need to -- the flaws are present in certain versions of Windows Server 2003, Windows XP, and Windows 2000.

There are six other patches, but I won't bore you with the details here. If you want to read up on them, check out this link to Microsoft's security page.

If you're running Windows, you can (and should) grab the free patches immediately. One method is to point Internet Explorer to Microsoft's update site. If you have not upgraded yet from Windows Update to Microsoft Update, you may be prompted to do so before continuing. Alternatively, you can let Microsoft handle the whole process for you by turning on automatic updates and installing any security patches it says you need.

Curiously, Microsoft did not release an update to fix a problem reported several months ago in a component of Microsoft Office that is actively being exploited.

By my running tally, this brings to 29 the number of critical patches Microsoft has issued thus far in 2005, already topping 2004's total of 25 critical updates.

Edited October 11, 2005 by cracker
Utsav
Posted October 12, 2005

Still discovering flaws of Windows 98?