
Microsoft Plugs Nine Security Holes

Microsoft today released a set of seven security updates to fix at least nine separate security holes in PCs powered by its Windows operating system and other software. Windows users can fetch the patches from the Microsoft Update Web site or via Automatic Updates.

About half of the vulnerabilities fixed in this month's Patch Tuesday were flaws in Internet Explorer. Redmond warned that one of the security holes could be used by malicious Web sites to install software on or completely compromise Windows PCs -- including those running IE6 or the latest IE7 on Windows XP or Vista. Another update, which fixed a hole found in a graphics program called the "Kodak Image Viewer," could also be exploited through IE, but applies mainly to Windows 2000 users.

Separate updates are available for Outlook Express, Windows Mail on Vista systems, and Windows Server 2003, as well as Microsoft Office 2004 for Mac.

By Brian Krebs  |  October 9, 2007; 5:21 PM ET
Categories:  New Patches  


For corporate sysadmins, Microsoft security bulletin MS07-058 is one of the more important patches to deploy asap.

MS07-058: Vulnerability in RPC Could Allow Denial of Service (933729) applies to all Microsoft Operating Systems (including Vista)

Without this patch, disgruntled users on the internal network can send malformed packets to the company email server, file server, sql server, or his/her boss's computer and take that computer offline. While this attack doesn't execute code on remote systems, it does prohibit that system from participating on the network. For some companies, loss of access to a particular file server or email server may lead to catastrophe for the better part of an afternoon. (and the malicious disgruntled user will simply DOS the email server the moment it's rebooted, and the process repeats itself)

Posted by: Eric Schultze | October 9, 2007 6:18 PM | Report abuse

No relief for us lucky folks who had our Windoze ruined by using the Repair function of the WinXP install disc after the 'Stealth' updates?

Siccum, Brian

Posted by: Keith Warner | October 10, 2007 5:54 AM | Report abuse

This is great stuff. So basically a programming flaw in an application interfacing with the Internet can seriously compromise an entire operating system?

What kind of operating system is that?

Posted by: Rick | October 10, 2007 7:18 AM | Report abuse

Get a Mac!

Posted by: James Wilder | October 10, 2007 8:44 AM | Report abuse

Gee... thanks for that insightful wisdom, "Get a Mac!" amidst the comments on this beneficial column.

Had One / Dumped It / Happy with PCs.
Great column, Brian.

Posted by: Llew | October 10, 2007 10:31 AM | Report abuse

I'm a PC user. Had Win XP Pro installed 5yrs ago; no probl. As soon as Vista was rolled out, my PC was infected by Microsoft with a continual pop-up "advising" me every 10 mins that my system was at risk due to running a "pirated" version of the Windows XP Pro OS. Like they couldn't have detected that "piracy" or "risk" at the time of registration or at any time during the following 5 yrs of use? No wonder Bill Gates is distancing himself from this rapidly deteriorating corporate megalomaniac. BTW, when I tried to contact Microsoft to resolve the discrepancy, a non-English speaking person could not even put me in touch with a supervisor in her office. End result: buy Vista or suffer with a MS installed virus (not even Geek Squad would help; "We're not allowed to service any system that was in use prior to Vista."). Shame on you, Microsoft, for shoddy business practices.

Posted by: SlyDogYork | October 10, 2007 11:20 AM | Report abuse

Funny these Microsoft patch posts always bring out a few haters and fanboys.

Fact is: patching is part of computing REGARDLESS of operating system or software application in use.

So, instead of whining or bashing, use the valuable information provided here and patch your system(s).

Posted by: TJ | October 10, 2007 11:47 AM | Report abuse

I agree with TJ's comment completely. Most software gets patched on a regular basis, many as often as Microsoft products. You don't hear about them as much because they are released on the same day as Microsoft's so they go relatively unnoticed because everyone is focused on Windows. Check out this article to see what he means

Posted by: CTol | October 10, 2007 12:19 PM | Report abuse

Over the years, the targets of these patches are Internet Explorer. Now IE is actually bundled and buried deep in the Windows operating system. If only we could get our hands on the European Version of Windows where IE is left out! Maybe we would see fewer patches or at least fewer security holes.

Frankly, Windows is getting to be a creaky old falling down structure that has seen better days. Perhaps it is time that Microsoft just plain give up on it and either build a completely new system or do what Apple did, use a tried and true system such as Unix, or God forbid, an open system such as Linux.

Posted by: RedRat | October 10, 2007 2:02 PM | Report abuse

Is anyone having problems with latest Outlook patches? I am running XP with latest Microsoft patches. When I try to reply to a message, the message opens and bam, it immediately sends message. No chance to enter anything in reply...Interesting fix. I guess it's for security reasons that you can no longer reply to an email%^$%%$#%@$^

Posted by: RP | October 10, 2007 10:47 PM | Report abuse

Since installing the latest patches I no longer have my desktop icons nor right mouse functions on the desktop. To get the icons I have to begin the shut down process. Changes in my system functionality have gotten worse after each of the last few monthly patch updates.

Posted by: JB | October 11, 2007 12:47 AM | Report abuse

For those having problems after installing patches...

"Customers in the U.S. and Canada can receive technical support from Microsoft Product Support Services at 1-866-PCSAFETY. There is no charge for support calls that are associated with security updates."

or self help

Posted by: Tim | October 11, 2007 11:37 AM | Report abuse

It's called acting responsibly!

Posted by: steveballmer | October 11, 2007 4:39 PM | Report abuse

My puter hates IE7 and auto updates as they don't work for me or keep trying to dl time after time endlessly.

Not that anyone at Microsoft cares - did a survey saying IE7 sucks - not only for me - it mucked up my whole system.
5 times - easy to rollback to IE6 which is friendly. But I only use it for links or updates as Fox is faster.

Posted by: Valerie | October 11, 2007 11:08 PM | Report abuse

The comments to this entry are closed.

© 2010 The Washington Post Company