You are here: silicon.com > Software > Security Strategy

Security Strategy

Microsoft's 'patch Tuesday' releases six 'critical' plasters

Attackers go for apps, not "the throat"

Tags: microsoft, patch, sp1, vista

Printer Friendly Email Story RSS

By Tom Espiner

Published: 14 February 2008 08:34 GMT

Microsoft has released 11 security patches, six of which are "critical" and five of which are "important", according to the software giant.

Security from A to Z

Click on the links below to find out more...

A is for Antivirus
B is for Botnets
C is for CMA
D is for DDoS
E is for Extradition
F is for Federated identity
G is for Google
H is for Hackers
I is for IM
J is for Jaschan (Sven)
K is for Kids
L is for Love Bug
M is for Microsoft
N is for Neologisms
O is for Orange
P is for Passwords
Q is for Questions
R is for Rootkits
S is for Spyware
T is for Two-factor authentication
U is for USB sticks/devices
V is for Virus variants
W is for Wi-fi
X is for OS X
Y is for You
Z is for Zero-day

This month's "Patch Tuesday" did not include a patch that had been promised in Microsoft's advance notification for February 2008. Microsoft could not be reached for comment at the time of writing to say why the patch had not been included.

Most of the critical vulnerabilities addressed in this month's patches affect Office, while one affects Internet Explorer, according to Microsoft's security bulletin summary. One of the critical vulnerabilities, as reported in Microsoft Security Bulletin MS08-008, affects both Microsoft Office 2004 for Mac and Microsoft Visual Basic 6.0 Service Pack 6.

The five "important" patches affect Microsoft Internet Information Services, Windows and Office. All the Windows Vista-related updates will be included with Windows Vista SP1, expected to roll out to consumers in mid to late March.

Tim Rains, security response communications lead for Microsoft, told silicon.com sister site CNET News.com: "Windows Vista SP1 and Windows Server 2008 are not affected by any of today's bulletins." Neither of which are available to the public yet.

Microsoft security patches for the vulnerabilities are available via Microsoft Windows Update or Microsoft's February security bulletin summary.

Security vendor Symantec warned that exploits for the vulnerabilities would not require much user interaction to execute.

Ben Greenbaum, senior research manager at Symantec Security Response, said: "While the batch of critical vulnerabilities all require some sort of user interaction to exploit, the interaction can be as simple as visiting a trusted website that has first been exploited by an attacker."

Security-management company Lumension advised IT administrators to concentrate on patching the vulnerabilities in Office and Internet Explorer first. Alan Bentley, Lumension's European vice president, said: "Attackers have shown in recent years that they'd rather target applications than go directly for the throat of the operating system, placing pressure on businesses to address the Office and Internet Explorer vulnerabilities."

Original article: Microsoft releases six critical patches from ZDNet UK

Add Comment Add comment  Printer Friendly Print story with   Email Story Email story  
In
Applications

Operating Systems

SOA/Web Services

Malware

Security Strategy


Related Links

Microsoft and Apple 'must improve security patches'

Apple releases more big cat security patches

Microsoft takes orders for security-patch CD

Three new Microsoft security patches released

Microsoft: One mobile device to rule them all

Rejection: Yahoo! dismisses Microsoft bid

Google, Microsoft and Yahoo! jump on board OpenID

Microsoft/Yahoo! - should Google be afraid of the big bad bid?

  1. Zones
  2. Management
  3. Networks
  4. Software
  5. IT Services
  6. Hardware
  1. Verticals
  2. Public Sector
  3. Financial Services
  4. Retail & Leisure

Peter Cochrane Peter Cochrane's Blog: Is convergence a fiction? Or could it finally be happening…

Clive Longbottom Quocirca's Straight Talking: A game of two halves Microsoft Virtualisation scores while its SOA bores...

Super scanners at UK airports

Prison tech: Mobiles blocked and bodies scanned

NHS data handling: Calls for independent audits

ID cards: 'Political' move, claim airport workers

Viacom vs Google: YouTube privacy fears

Google Talk finds a home on iPhone


  • Jobs
Security Analysts (2 posts)

Information Security Manager and ICT management any real or potential security breaches and vulnerabilities and provide information and leadership to ...

Product and Service Development Manager / Project Manager

The overall project is to deliver and migrate 40-60 bespoke/branded Websites by the end of the year - must have good customer interaction and the ...

Security Consultant Ethical Hacking / Penetration Testing - London

Responsibilities: - Deliver security assessment services including network scanning, vulnerability testing, penetration testing, search engine ...

CIO50 2008
The silicon.com CIO50 2008 profiles the most influential and innovative tech chiefs in the UK across all industries and organisation size, from the biggest FTSE100 companies to high growth dot-com start ups and the public sector. The list was voted on by the UK CIO community and a panel of experts. Find out more in our latest special report.

College classrooms go high-tech

Travis Perkins builds its tech future

Thin clients switch on digitally excluded

MSDN Webcast: Demystifying Office Business Applications for the Developer (Level...

Understanding SOA and Business Mashups: Automate. Coordinate. Collaborate. No coding...

Tips and Tricks for Office 2007

MSDN Webcast: Demystifying Office Business Applications for the Business Analyst...

Stories from the web...


60-Second Pitch: FMC

Peter Cochrane's Video Blog: Power outrage

Business agility through flexible IT


Super scanners at UK airports

Only one in 10 Brits recycles old mobiles

Hospitals roll out RFID

Microsoft readies online apps for business

EU law to end file-sharers time online?




Quick Sitemap Links: