You are here: silicon.com > Software > Security Strategy

Security Strategy

Microsoft's 'patch Tuesday' releases six 'critical' plasters

Attackers go for apps, not "the throat"

Tags: patch, microsoft, sp1, vista

Printer Friendly Email Story RSS

By Tom Espiner

Published: 14 February 2008 08:34 GMT

Microsoft has released 11 security patches, six of which are "critical" and five of which are "important", according to the software giant.

Security from A to Z

Click on the links below to find out more...

A is for Antivirus
B is for Botnets
C is for CMA
D is for DDoS
E is for Extradition
F is for Federated identity
G is for Google
H is for Hackers
I is for IM
J is for Jaschan (Sven)
K is for Kids
L is for Love Bug
M is for Microsoft
N is for Neologisms
O is for Orange
P is for Passwords
Q is for Questions
R is for Rootkits
S is for Spyware
T is for Two-factor authentication
U is for USB sticks/devices
V is for Virus variants
W is for Wi-fi
X is for OS X
Y is for You
Z is for Zero-day

This month's "Patch Tuesday" did not include a patch that had been promised in Microsoft's advance notification for February 2008. Microsoft could not be reached for comment at the time of writing to say why the patch had not been included.

Most of the critical vulnerabilities addressed in this month's patches affect Office, while one affects Internet Explorer, according to Microsoft's security bulletin summary. One of the critical vulnerabilities, as reported in Microsoft Security Bulletin MS08-008, affects both Microsoft Office 2004 for Mac and Microsoft Visual Basic 6.0 Service Pack 6.

The five "important" patches affect Microsoft Internet Information Services, Windows and Office. All the Windows Vista-related updates will be included with Windows Vista SP1, expected to roll out to consumers in mid to late March.

Tim Rains, security response communications lead for Microsoft, told silicon.com sister site CNET News.com: "Windows Vista SP1 and Windows Server 2008 are not affected by any of today's bulletins." Neither of which are available to the public yet.

Microsoft security patches for the vulnerabilities are available via Microsoft Windows Update or Microsoft's February security bulletin summary.

Security vendor Symantec warned that exploits for the vulnerabilities would not require much user interaction to execute.

Ben Greenbaum, senior research manager at Symantec Security Response, said: "While the batch of critical vulnerabilities all require some sort of user interaction to exploit, the interaction can be as simple as visiting a trusted website that has first been exploited by an attacker."

Security-management company Lumension advised IT administrators to concentrate on patching the vulnerabilities in Office and Internet Explorer first. Alan Bentley, Lumension's European vice president, said: "Attackers have shown in recent years that they'd rather target applications than go directly for the throat of the operating system, placing pressure on businesses to address the Office and Internet Explorer vulnerabilities."

Original article: Microsoft releases six critical patches from ZDNet UK

Add Comment Add comment  Printer Friendly Print story with   Email Story Email story  
In
Applications

Operating Systems

SOA/Web Services

Malware

Security Strategy


Related Links

Microsoft and Apple 'must improve security patches'

Apple releases more big cat security patches

Microsoft takes orders for security-patch CD

Three new Microsoft security patches released

Microsoft: One mobile device to rule them all

Rejection: Yahoo! dismisses Microsoft bid

Google, Microsoft and Yahoo! jump on board OpenID

Microsoft/Yahoo! - should Google be afraid of the big bad bid?

  1. Zones
  2. Management
  3. Networks
  4. Software
  5. IT Services
  6. Hardware
  1. Verticals
  2. Public Sector
  3. Financial Services
  4. Retail & Leisure

Bob Tarzey Why you must rein in your power users When they do damage, it can be catastrophic to your business

Jon Collins Is losing a mobile device really such a big deal? How to minimise the damage to your business

UK ID cards rollout hit by delay as launch date revealed

Bletchley Park's World War Two codebreakers in their own words

'You're responsible for your own wi-fi security' say ISPs

'UK must up privacy safeguards following Phorm'

The top 10 technologies you need to plan for next year


  • Jobs
3 rd line Wintel Support Engineer - Central London

Your responsibilities will include; Proactive Server Maintenance through monitoring and patch management and deployment Installation, configuration ...

Backup Systems Engineer

Fault finding and diagnosis of incidents * Adherence to defined standards and preparation of documentation * Interaction with 3rd party vendors * ...

Technical Analyst - SMS, SCCM, WSUS - Patch & Release

The role will involve the assessment of vulnerabilities, patch testing and application deployment via remote systems such as SMS/SCCM, WSUS and ...

Agenda Setters 2009
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.

JD Edwards Spotlight Video

CEO Dashboard Management: Why Creating Visual Reports You Can't Hide From Will Help...

Virtual Private Servers (VPS)

Looking for a fast payback? 10 Minutes with Free Tool Can Save Thousands

Martin Brokers cashes in on back-up swap

VocaLink makes virtualisation pay

Sony Pictures sets sights on best IT Oscar

Co-op Group kicks "server sprawl" into touch

Arts Council gets tech troubleshooting boost

Torex tech treats Thorntons to quicker sales

Stories from the web...


eBay app lets users bid from a BlackBerry

ID card database: 500 names added in first month

Women in IT: Tech has an image problem

Tesco Mobile to get a taste of Apple's iPhone

Marketing chiefs: Are you spamming your customers?

IT skills shortage squashed by recession?




Quick Sitemap Links: