[ news_security_news ]
Big Patch Tuesday Prompts Responses
David Utter
Staff Writer
2008-02-14
 Security News RSS Feed
Security companies weighed in with opinions about Microsoft's substantial February updates.
Critical issues aplenty needed care and ministrations from Microsoft's engineers. Out of the eleven updates issued by Microsoft, six covered Critical issues, which could permit remote code execution if exploited. Security pros tend to frown upon such behavior.
A cumulative update for Internet Explorer knocked out four vulnerabilities. One flaw had been disclosed publicly, to Microsoft's chagrin. All of the problems, detailed under advisory MS08-010, probably merited priority attention, according to Jonathan Bitle, director of technical account management at Qualys.
"While this is a replacement patch for MS07-069, released late last year, it is still greatly important to apply because it affects so many different systems and requires very little user interaction to be exploited," Bitle said in a message to SecurityProNews.
Bitle also noted the absence of a fix for an Excel vulnerability reported publicly in January. Microsoft had previously called for 12 security bulletins for February, but only delivered 11, of which the missing one could be for Excel.
Out of the six bulletins, security vendor McAfee said five addressed the kinds of flaws that can be exploited through opening a specially crafted file, or visiting a malicious website from a link.
"These types of vulnerabilities are often used in Trojan horse attacks or for drive-by downloads of malicious code, respectively," the company noted in a statement.
About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.
More news_security_news Articles
Security News RSS Feed
|
|
RSS
Archive
Contact Us
Advertise
