[ insider_reports_insider ]
Microsoft Backfills Twenty Security Holes
David Utter
Staff Writer
2007-02-14
 Insider Reports RSS Feed
Even though a dozen security bulletins emerged from Microsoft on Patch Tuesday, some of them delivered multiple fixes to Windows systems.
 | | Microsoft Backfills Twenty Security Holes |  |
Six of the bulletins that hit the Internet received Microsoft's 'Critical' rating. That's the mark they give flaws that can lead to remote code execution.
Internet Explorer's cumulative update corrected three problems. Two of them existed in how older versions of IE handle COM objects, while the third presented a problem when connecting by FTP to a malicious FTP server.
Microsoft's Tami Gallupe called for specific attention to bulletin MS07-009:
Specifically, there's a minor issue around detection and MS07-009. Windows 2000 SP4 customers who have applied this security update and then perform a scan using MBSA, SMS2003 with the ITMU, or WSUS will get a report back erroneously saying that all languages were applied rather than just the language versions that were applied.
There was also a delay in posting the WSUSScan.cab file initially, but that was corrected later in the day.
According to Dave Marcus, security research and communications manager at McAfee Avert Labs, six of the vulnerabilities receiving patches had been used in "recent, targeted zero-day attacks." Such zero-day attacks have been frustrating to Windows users, as only on rare occasions has Microsoft released an early patch to thwart a known flaw.
---
Tag: Microsoft
Add to  Del.icio.us |  Digg |  Reddit |  Furl
Get all the updates - 
About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.
More insider_reports_insider Articles
Insider Reports RSS Feed
|
|
iEntry 10th Anniversary
RSS
Archive
