Microsoft Issues 2 More Patches
Microsoft Corp. today released two free updates to fix security problems in its software. Both fixes earned a "critical" rating, the company's most dire.
The first update fixes a security hole in the way Windows processes Web fonts, a problem present on every Windows operating system going back to Windows 98/ME, including fully patched versions of Windows XP (the flaw is rated merely "important" on Windows Server 2003).
Microsoft says the font flaw could be exploited by convincing a Windows user to visit a malicious Web page or view an e-mail message containing a specially-crafted font file. An attacker who successfully exploited the vulnerability could use it to take complete control over the victim's computer. Windows 98/ME users can obtain the patch from the old Windows update site. Everyone else can get the patch from Microsoft update or through automatic updates.
The second patch fixes critical security flaws resident in the Microsoft Outlook and Microsoft Exchange e-mail products. The specifics of this vulnerability are way too geeky to get into here. The thing to pay attention to is whether or not you are using one of these products and where you need to go to get the updates.
If you are using Microsoft Outlook (either the standalone version or one that came with Microsoft Office) where you download the patch depends on the age of the product version you're using. For instance, if you are using Exchange Server 2000 or Office 2003, you can get this update from the same place you get regular patches -- Microsoft's Update site. If, however, you are using Office 2000 or an older version of Exchange (such as 5.0 or 5.5), you must obtain the fixes from the old Office Update site.
I've been promised a neat little chart from Microsoft that explains a bit more simply where to get patches for each product. Oh, and this flaw doesn't affect Outlook Express that comes installed by default on Windows.
Update: 4:57 p.m. ET: Here is the graphic I mentioned above. Look on the left for the version of Microsoft Exchange, Outlook or Office that you are running. The next two columns -- WU and MU - stand for Windows Update and Microsoft Update -- and indicate whether those sites host the fix you're looking for.
Keep in mind that if you're counting on automatic updates to handle patching this Office/Outlook flaw for you and you're using an older version of those products, think again. You must apply the patch manually by heading on over to the Office Update site.
Posted by: Don Hawkinson | January 14, 2006 9:36 PM | Report abuse
Posted by: Anonymous | January 17, 2006 3:19 PM | Report abuse
Posted by: fdssfd | January 17, 2006 3:20 PM | Report abuse
Posted by: bkadler | January 19, 2006 4:44 PM | Report abuse
The comments to this entry are closed.