Microsoft Plugs 15 Security Holes
Microsoft issued free software updates today to fix at least 15 separate security flaws in its Windows operating system and other software. Windows users can grab the patches by visiting Microsoft Update or by turning on Automatic Updates.
Nine of the 15 flaws earned Microsoft's "critical" rating, its most severe. Critical vulnerabilities are those so serious that they generally don't require any action on the part of the user to exploit, aside from maybe convincing the user to visit a malicious (or hacked) Web site, or open a specially crafted e-mail.
Most of the critical vulnerabilities fixed in June's patch batch are addressed in a security roll-up for just about every version of Microsoft's Internet Explorer Web browser, including IE7 and IE7 on Windows Vista. The problem, again, is with ActiveX controls in the browser that could allow nasty Web sites to seize total control over a user's machine or to silently install software. One of the updates fixes a security hole that criminals already know how to exploit. Microsoft reports that the blueprints for attacking this flaw were posted online.
Another patch bundle is a cumulative update for Outlook Express and Windows Mail that plugs four separate security holes in those programs.
One patch that probably deserves special attention fixes a critical flaw in a Microsoft component of a security package called the Windows Secure Channel (SChannel), which handles security certificates issued by Web sites that require "secure sockets layer" or SSL connections (think sites whose address begins with https://). This is another vulnerability that could be exploited through Internet Explorer, in this case by a malicious Web site that sends a digital signature or certificate to the user.
This is a nasty group of vulnerabilities, people. If you are using Windows, you should not delay in downloading and installing these updates.
June 12, 2007; 2:22 PM ET
Categories: From the Bunker, Latest Warnings, New Patches, Safety Tips