AT&T Tech Support 360
February 13, 2007 12:54 PM PST
Microsoft patches 20 security flaws
- Related Stories
-
Vista for the masses
April 4, 2007 -
Microsoft to deliver patches by the dozen
February 8, 2007 -
Excel under zero-day attack, Microsoft warns
February 5, 2007 -
Microsoft leaves Word zero-day holes unpatched
January 9, 2007 -
Microsoft pulls four planned patches
January 5, 2007
The fixes arrived in a dozen security bulletins, released as part of Microsoft's monthly patch cycle. Six of the alerts were tagged "critical," the company's most serious rating. These flaws could enable an attacker to gain complete control over a vulnerable computer with no action, or minor action, on the part of the user, Microsoft warned.
The critical vulnerabilities are in Windows, Internet Explorer, Office and in Microsoft security tools such as Windows Live OneCare and Windows Defender. None of the Windows or Office flaws affect Vista or Office 2007, Microsoft's latest updates. However, Windows Defender ships as part of Vista, so the new operating system is at risk from that direction.
Microsoft used its February patch day to clear a backlog of "zero-day" flaws, or security holes that have been publicly disclosed but not fixed. Seven of the 20 vulnerabilities addressed by Tuesday's bulletins were zero-days, and five of those were in Office applications. Microsoft planned to issue patches for the Office zero-day bugs last month, but postponed their delivery.
Most of the Patch Tuesday flaws are only potentially harmful if people with vulnerable PCs visit a malicious Web site or open an infected document. For example, the Microsoft security tools could be compromised when they scan a rigged PDF file, according to the company's advisory.
The updates will be pushed out to Windows PCs that have enabled Automatic Updates. They are also available for manual download from Microsoft's Web site.
See more CNET content tagged:
vulnerability,
Microsoft Office,
fix,
flaw,
Microsoft Windows Vista
http://blogs.zdnet.com/security/?p=29
(apparently Vista doesn't even have the no-admin feature on anymore... so much for MSFT and security, hey?)
/P
is that saying much ???? NOT ...
http://news.wired.com/dynamic/stories/M/
MICROSOFT_SECURITY?
SITE=WIRE&SECTION=HOME&TEMPLATE=DEFAULT
Oh and yes .. just visiting a malicious site can erase all you data
... sweet ... i guess that is the price for tying in speech
recognition with javascript and activeX controls ....
Would i let a Vista running PC access to personal info knowing
this ??? let me think ..... Never ... Why ? simple ... these first flaws
are just the first tree and there is a MIGHTY big H U G E forest
right behind the bend in the path ...
And yes as Joanna Rutkowska says the whole UAC model is a
joke , a bad one played on unsuspecting users that trusted a
company for yet too many years . As one of my teachers and
tutor in the IT business told me "The only way to secure a PC
running windows can be done in a simple step ... pull the
powercord". I see that advice still hasnt changed .. and yes i use
i5 , NetBSD , FreeBSD in work and at home... so far the kiddies
and the black hats out there are still kept out and my routers
sure are NOT Ciscos. I see this time worn adage still IS true after
all ..