Microsoft Plugs 11 Software Holes

Microsoft Corp. today pushed out software updates to plug at least 11 separate security holes in its Windows operating system and other software.

Windows users can grab the updates via the Microsoft Update Web site, through Automatic Updates, or download individual patches from the Microsoft Download Center.

Four of the vulnerabilities earned a "critical" rating from Redmond, its most severe. Microsoft labels flaws "critical" if they can be exploited remotely with little if any help from the user.

Updates are available for most versions of Windows 2000, Windows XP, Windows Server 2003, and Microsoft Office.

Four of the flaws reside in Office, from Office 2000 all the way up to the latest -- Office 2007. Office patches also are available through Microsoft Update, unless you're an Office 2000 user, in which case you'll need to pay a visit to the Office Update site to complete this month's patch cycle. Office 2000 users also may need to have their Office installation CD handy to finish the installation.

One interesting vulnerability patched today stems from a problem with the firewall built into Windows Vista PCs. From the advisory, there is an "information disclosure vulnerability in Windows Vista that could allow a remote anonymous attacker to send inbound network traffic to the affected system. It would be possible for the attacker to gain information about the system over the network." Microsoft notes that an attacker would still need to know a valid user name and password for the targeted Vista system to access any programs or other resources on the machine.

Companies often take anywhere from a few days to a few weeks to deploy patches, allowing time to test the updates to be sure that they do not break existing software applications. But home users should not delay in applying these updates. If you've heeded my oft-uttered advice to run your system under a limited user account, you will need to log in using an administrator account to install patches.

By Brian Krebs  |  July 10, 2007; 2:55 PM ET
Categories: Latest Warnings, New Patches, Safety Tips

Comments

Hi, this is to inform you that an international group lik to ports has developed a high tech similar to the one portrayed in PBS broadcast on future tech. In order to connect soldiers' minds for military purposes. It works with your DNA and a code in order to differentiate from one person to the other. They have a way to lower it so you are not even aware that you've been monitored. As unbelievable as 911, attacks on Glasgow, and UK and also the poisoning of an ex-KGB agent in UK with plutonium 10 were unbelievable and they took place. Tech we do not know to exist can be developed in the private and/or public sector for good and for worse. If this tech falls in worse hands than it is already, like radical Muslims, we are in real danger. You choose to disregard or believe. That's your choice. Thank you

Posted by: annonimus | July 10, 2007 4:25 PM | Report abuse

BK - Microsoft .NET might be assuming the mantle of "worst, space hogging update technique" from Sun now that Sun has streamlined the Java / JRE updates. Can I uninstall old versions of .NET? ...or could Microsoft really need to run versions 1-3 on my PC? Thanks

Posted by: OhioMC | July 10, 2007 11:16 PM | Report abuse

These latest updates have failed to install several times now for me. I'm running XP Home, SP2 and haven't had this trouble before. Judging from the MS discussion forum, I'm not the only one having serious trouble getting it to work. Fortunately, it doesn't seem to be interfering with or affecting other programs although the bloody update icon won't go away.

Since MS help is next to useless, and since I'm not ready to buy a Mac (but will, next viable opportunity), what do we do - wait for next month's fix?

May a thousand jackals sit on MS's collective grave...

Posted by: sc | July 11, 2007 6:57 PM | Report abuse

There are also some new security updates from Adobe. There is an update for the Flash player that addresses multiple vulnerabilities; many people will need this for their browser plugin(s). There's also an update for Photoshop. SANS has a brief article on this at:
http://isc.sans.org/diary.html?storyid=3126

Note that the comment in the SANS article is correct: if you have (on Windows) both Internet Explorer and Firefox plugins, you need to get both updates.

Posted by: Rich Gibbs | July 12, 2007 11:57 AM | Report abuse

BK - I've done more research on the net on this & it appears that the problems with these patches are fairly widespread, involving mostly XP users but some Vista as well. For me, the updates failed to install on my PC (XP Home, SP2) although there was a "serious error" message from MS; I stopped them from installing on my laptop (XP Home/Media Edition, SP2).

Given this, BK, I question your well-intended advice to home users, urging them to download & install immediately. Do you know of a fix for these problems?

I have turned off these updates & won't do anything with them until I see there's a fix that doesn't require a rocket science work-around, and that won't wreck my PC or laptop.

Yes, Macs are looking pretty darn good.

And as for MS, may TWO thousand jackals sit on its collective grave.

Posted by: sc | July 12, 2007 12:38 PM | Report abuse

http://isc.sans.org/diary.html?storyid=3132
MS07-040: .NET update trouble

It seems there are a number of readers struggling with the MS07-040 patch for the .NET framework on what appears to be mostly clients.

The reports we got so far seem not to lead to any specific thing that happens in many cases, just various things going haywire. We really do appreciate the heads-up warnings we get from our readers as it allows us to write little warnings like this one.

We'd like to offer a double advice at this time:

If you run into trouble do call Microsoft and open a case, it's the only way to get attention to the problem from those who know best how to fix it. It should be free. In the US: call 1-866-PCSAFETY, check their website for other countries, support with patches should always be free.

Do read through for your specific combination of .NET framework version and your specific OS the relevant KB, some of them were prepared in anticipation of certain problems. They are all linked from KB 931212 (http://support.microsoft.com/kb/931212/en-us).

Posted by: TJ | July 12, 2007 12:52 PM | Report abuse

kskas

there can't be anything more besides sex

Posted by: leo | August 17, 2007 12:33 PM | Report abuse

The comments to this entry are closed.


© 2010 The Washington Post Company