[ insider_reports_insider ]
Microsoft Patches Nailed Critical Flaws
David Utter
Staff Writer
2006-10-11
 Insider Reports RSS Feed
The company distributed ten security bulletins on Patch Tuesday, with several Critical bulletins correcting multiple problems in Windows and Office applications.
 | | "Patch Nails It" |  |
Saying ten bulletins were made available to Microsoft's customers understates the number of fixes being distributed. Word, Excel, and PowerPoint all required multiple fixes from the updates they received, and Windows needed attention from the engineers in Redmond, too.
Of the bulletins released, Microsoft rated six of them Critical, its highest warning level. All of them patched problems that could have permitted remote code execution on a system, should they have been exploited.
Microsoft has experienced a problem in recent years where attackers have worked very quickly to create exploits based on the patches released by the company. These malicious types hope to exploit PCs where the user has been slow to update the system, for whatever reason.
While organizations can fall back on either Automatic Updates preset on their networked PCs, or use a centralized patch management solution, any delay in getting machines patched leaves a network vulnerable to just one person opening a document containing an exploit in an email.
Consider that millions of installations of Windows and Office exist on PCs throughout the world to see the scope of the problem. Fast-working criminals may be able to hit machines before the patches do, depending on how long it takes to update a given number of PCs.
All of the Critical vulnerabilities share a common aspect. If they are exploited on a system where the user has administrative rights, those exploits can have much greater impact. PCs with users who have a lower level of rights on the machine would be vulnerable to the extent of their privileges.
In an organization, there are always some people who may have Power User privileges instead of the more common User ones. A combination of overconfidence and inattention to the origin of an incoming document could lead to an exploit being unleashed on a machine.
That could allow malicious code to wipe out files and corrupt settings on a system. While system backups can replace what has been destroyed from the most recent backup of data, changes made in the interim would be lost.
The most recent spate of patches should prompt people, in either home or corporate environments, to backup data regularly. The file you save could be critical, so why not treat it that way?
---
Tag: Microsoft
Add to  Del.icio.us |  Digg |  Yahoo! My Web |  Furl
Bookmark SecurityProNews - 
About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.
More insider_reports_insider Articles
Insider Reports RSS Feed
|
|
iEntry 10th Anniversary
RSS
Archive
