You are here: silicon.com > Software > Security Strategy

Security Strategy

Microsoft's 'patch Tuesday' releases six 'critical' plasters

Attackers go for apps, not "the throat"

Tags: microsoft, patch, sp1, vista

Printer Friendly Email Story RSS

By Tom Espiner

Published: 14 February 2008 08:34 GMT

Microsoft has released 11 security patches, six of which are "critical" and five of which are "important", according to the software giant.

Security from A to Z

Click on the links below to find out more...

A is for Antivirus
B is for Botnets
C is for CMA
D is for DDoS
E is for Extradition
F is for Federated identity
G is for Google
H is for Hackers
I is for IM
J is for Jaschan (Sven)
K is for Kids
L is for Love Bug
M is for Microsoft
N is for Neologisms
O is for Orange
P is for Passwords
Q is for Questions
R is for Rootkits
S is for Spyware
T is for Two-factor authentication
U is for USB sticks/devices
V is for Virus variants
W is for Wi-fi
X is for OS X
Y is for You
Z is for Zero-day

This month's "Patch Tuesday" did not include a patch that had been promised in Microsoft's advance notification for February 2008. Microsoft could not be reached for comment at the time of writing to say why the patch had not been included.

Most of the critical vulnerabilities addressed in this month's patches affect Office, while one affects Internet Explorer, according to Microsoft's security bulletin summary. One of the critical vulnerabilities, as reported in Microsoft Security Bulletin MS08-008, affects both Microsoft Office 2004 for Mac and Microsoft Visual Basic 6.0 Service Pack 6.

The five "important" patches affect Microsoft Internet Information Services, Windows and Office. All the Windows Vista-related updates will be included with Windows Vista SP1, expected to roll out to consumers in mid to late March.

Tim Rains, security response communications lead for Microsoft, told silicon.com sister site CNET News.com: "Windows Vista SP1 and Windows Server 2008 are not affected by any of today's bulletins." Neither of which are available to the public yet.

Microsoft security patches for the vulnerabilities are available via Microsoft Windows Update or Microsoft's February security bulletin summary.

Security vendor Symantec warned that exploits for the vulnerabilities would not require much user interaction to execute.

Ben Greenbaum, senior research manager at Symantec Security Response, said: "While the batch of critical vulnerabilities all require some sort of user interaction to exploit, the interaction can be as simple as visiting a trusted website that has first been exploited by an attacker."

Security-management company Lumension advised IT administrators to concentrate on patching the vulnerabilities in Office and Internet Explorer first. Alan Bentley, Lumension's European vice president, said: "Attackers have shown in recent years that they'd rather target applications than go directly for the throat of the operating system, placing pressure on businesses to address the Office and Internet Explorer vulnerabilities."

Original article: Microsoft releases six critical patches from ZDNet UK

Add Comment Add comment  Printer Friendly Print story   Email Story Email story   RSS
In
Applications

Operating Systems

SOA/Web Services

Malware

Security Strategy


Related Links

Microsoft and Apple 'must improve security patches'

Apple releases more big cat security patches

Microsoft takes orders for security-patch CD

Three new Microsoft security patches released

Microsoft: One mobile device to rule them all

Rejection: Yahoo! dismisses Microsoft bid

Google, Microsoft and Yahoo! jump on board OpenID

Microsoft/Yahoo! - should Google be afraid of the big bad bid?

  1. Zones
  2. Management
  3. Networks
  4. Software
  5. IT Services
  6. Hardware
  1. Verticals
  2. Public Sector
  3. Financial Services
  4. Retail & Leisure

Naked CIO Naked CIO: Should you monitor staff? Somebody's watching you

Elinor Mills Why 1970s hackers had 'whiz kid' status Q&A: Kevin Mitnick - blackhat hacker turned good guy


SMS flaw leaves iPhone vulnerable to attack

ID cards: 'A project nobody wants and the nation can't afford'

IT security training now the 'substantial' task of GCHQ

PayPal techies hit fraudsters where it hurts

SMEs on target list for UK cyber attack group



  • Jobs
Windows / Unix Engineer

Experience of Windows and some UNIX patch building Role Summary Windows/Unix engineer Working to SLAs, the Champion support (Windows/Unix engineer) ...

Operations UK - Implementation Manager - High Growth Green Rewards Co.

Job Summary The Implementation Manager is responsible for implementing the RecycleBank scheme in various regions in the United Kingdom. This would ...

Technical Expert- Application Support

Point of contact for all issues raised by the Technical Account Managers, taking ownership of the incident through to resolution Issue investigation ...

Agenda Setters 2008
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.

The Financial Close: Optimizing Performance and Driving Financial Excellence

Enterprise Performance Management - Financial Excellence and Beyond

A complete view of the enterprise

Making the Business Case for HR Investments

Martin Brokers cashes in on back-up swap

VocaLink makes virtualisation pay

Sony Pictures sets sights on best IT Oscar

Co-op Group kicks "server sprawl" into touch

Arts Council gets tech troubleshooting boost

Torex tech treats Thorntons to quicker sales

Stories from the web...


Large Hadron Collider's grid gets stressed

Heatwave? No sweat for CIOs

Has in-flight entertainment got wings in the iPod era?

MoD inks £231m deal to boost comms

Take a trip to the future of air travel

Orange launches managed videoconferencing




Quick Sitemap Links: