Mercifully Light Microsoft Patch Tuesday
Today's monthly security update from Microsoft amounted to just one security patch for the Windows operating system. It's a nice respite from last month's deluge of patches, when Microsoft dumped a total of eight fixes -- five of them "critical" -- to plug 18 different holes in its software.
Microsoft rated today's patch "important," which generally means hackers could use it to break into vulnerable computers, but that at least some action on the part of the victim would be required. The problem also is mainly resident in certain versions of Windows 2000, which is mostly used by businesses. The problem does appear to affect users of Windows98, Windows SE and Windows ME, but those users may be out of luck: Microsoft no longer offers support or patches for non-critical security flaws in those operating systems.
Microsoft also used the occasion to launch a pilot project called "Microsoft Security Advisories," which the company said aims "to provide guidance and information about security related changes that may not require a security bulletin but that may still impact customers' overall security." Translation: Some "features" we've intentionally designed into our software are being abused, and here are some ways to make sure said features don't turn into a liability for you or your organization.
Case in point: Security experts and several anti-virus companies recently called attention to the fact that hackers and unscrupulous online marketers are spreading spyware by taking advantage of how the "digital rights management" (DRM) technology works in Microsoft's Windows Media Player. In one of two security advisories posted today, Microsoft said it is making available an update to the Media Player software that allows users to modify the DRM technology to make the software more secure. The fix is available here.
And in case you've always wanted to give Microsoft a piece of your mind about any of their security or patch practices, here's your chance: Microsoft said today it is launching a customer feedback program to learn how to "make all of our security communication offerings valuable." The company said that it is "conducting an online survey to gather information from customers on the value of the content included in Microsoft security bulletins, which is some of the most critical content for Microsoft customers." More details are online here.
As always, free patches are available from Microsoft's Windows Update Web site (except for Windows 98, Windows 98SE, and Windows ME users in this case.)
Posted by: Chuck | May 24, 2005 10:45 AM | Report abuse
The comments to this entry are closed.