Network News

X My Profile
View More Activity

Microsoft Patches 26 Security Holes

Microsoft today released updates to fix at least 26 security vulnerabilities in its Windows operating systems and other software. At least 17 of those flaws earned Microsoft's "critical" rating, meaning they could be exploited to break into vulnerable systems with little or no help from the victim.

The 26 vulnerabilities are the most Microsoft has addressed since it had 25 in August of 2006, which also included 17 rated as critical, according to anti-virus firm Symantec.

Microsoft patched two holes in that have already been used in targeted attacks against people browsing the Web with Internet Explorer 6 and 7. In addition to those two fixes, one bundle of critical updates plugs five other security holes in Internet Explorer, most of which Microsoft said are present all versions of the browser.

Half of the flaws fixed in today's release were found in Microsoft Office and component programs, such as Excel, PowerPoint and Word. Redmond also released patches for vulnerabilities in Windows Messenger, Outlook Express and Windows Mail.

The updates are available through Microsoft Update or Automatic Updates. Office 2000 users can get Windows patches through either of those options, but will need to make a special trip to the Office Update page to grab the Office patches.

A patch-by-patch breakdown of today's updates is available from Microsoft, at this link here.

By Brian Krebs  |  August 12, 2008; 4:01 PM ET
Categories:  Latest Warnings , New Patches , Safety Tips  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   Del.icio.us   StumbleUpon   Technorati   Google Buzz   Previous: New Tool to Automate Cookie Stealing from Gmail, Others
Next: Q&A With FBI's Cyber Division Chief

Comments

Running Vista here, only got one update this morning. KB940157 (Windows Search 4.0). Strange.

Posted by: Vistageek | August 12, 2008 4:58 PM | Report abuse

All the updates loaded on my PC's with no problems.

Posted by: Robert | August 12, 2008 8:32 PM | Report abuse

Just ran Windows update w/ Office 07. 14 updates, 12 were critical. When I checked this morning around 10 CDT, none showed up.

Posted by: Peter | August 13, 2008 12:06 AM | Report abuse

It is truly amazing that Microsoft, a $300 billion company with 90,000 employees that purports to be THE leader in commercial software still seems to generate code consistently leakier than a screen door on a submarine.

Posted by: Ken | August 13, 2008 3:41 AM | Report abuse

From a different prospective, it appears that McAfee, security center is either compromised or McAfee itself at the behest of some US Government agency involved in spying or gathering data as to what the its clients are browsing. The proof is in that every time I am logging in McAfee reminder pops up with a updating message. It goes through the cycle of so called up dating. But viewing he update log, nothing is updated.

I have also tested this by not allowing McAfee to start the up dating cycle. But use delete all including cookies, temp files, b. history, forms and passwords. Guess what ! after completing all the above, McAfee updating message stops popping up.

Posted by: winemaster2 | August 13, 2008 4:06 AM | Report abuse

From a different prospective, it appears that McAfee, security center is either compromised or McAfee itself at the behest of some US Government agency involved in spying or gathering data as to what the its clients are browsing. The proof is in that every time I am logging in McAfee reminder pops up with a updating message. It goes through the cycle of so called up dating. But viewing he update log, nothing is updated.

I have also tested this by not allowing McAfee to start the up dating cycle. But use delete all including cookies, temp files, b. history, forms and passwords. Guess what ! after completing all the above, McAfee updating message stops popping up.

Posted by: winemaster2 | August 13, 2008 4:08 AM | Report abuse

MicroSoft should have a better process release program ensuring software is as invlunerable as possible prior to release instead of the usual crawl, walk, limp, wheelchair and paralysis life cycle it currently champions. I hope all nerds at the main office read this. I hate MAC to no end but am strongly considering migrating all of the organization's client systems to that platform.

Posted by: Anonymous | August 13, 2008 4:40 AM | Report abuse

14 Vista updates today (I had to check, not automaticly loaded for some reason), on top of 80+ updates after VISTA's SP1. Microsoft, Bill Gates and VISTA are the pits!

Posted by: dossier | August 13, 2008 6:52 AM | Report abuse

I thought my new computer was not accepting the updates. Every single time I turn it off there's a new update. I just figured something was wrong with my computer.

Posted by: Ron | August 13, 2008 8:31 AM | Report abuse

Some people just don't understand that patching is part of the software ecosystem regardless of WHO makes it! As such it's rather silly to complain about it or threaten to switch to some other platform because of it. Even if the grass appears greener, it still needs to be mowed.

Posted by: TJ | August 13, 2008 9:53 AM | Report abuse

Get a Mac. Microsoft products are fatally flawed no matter how you try to patch them.

Posted by: Fred | August 13, 2008 10:46 AM | Report abuse

We have done some research on this month’s Microsoft Patch updates and have run them through our Application Compatibility Lab (ACL) which uses our AOK Workbench tool to analysed each of the patches. We found that most of the updates should not cause too many application issues. However, it looks like MS08-045, the IE 7 Security update may cause issues due to application dependencies on Internet Explorer 7. For further information, have a look at the our company report issued this morning; http://www.changebase.com/news_release_13_08_08.html

Posted by: ChangeBase Ltd | August 13, 2008 11:24 AM | Report abuse

Posted by: Linus Torvalds | August 13, 2008 11:49 AM | Report abuse

The MS update website does not allow the download of these security updates unless one installs SP3 first.

Posted by: GSG | August 13, 2008 12:40 PM | Report abuse

Windows, Mac OSX, and Linux all require periodic security updates. Get over it.

Posted by: JohnJ | August 13, 2008 12:56 PM | Report abuse

C'mon, bro -- are you really saying that Windows, Mac, and Linux are equally vulnerable to hacking? That's objectively false.

Brian, I'm sure you've addressed this subject before; could you weigh in on this 'debate'?

Posted by: Amos 'n' Andy | August 13, 2008 1:35 PM | Report abuse

If you don't like patching run OpenBSD, solid as a rock, just good luck with the CLI, that's all you get out of the box. O and it's free.

Posted by: Anonymous | August 13, 2008 3:18 PM | Report abuse

After loading the updates overnight(XP home), this morning my Samsung CD drive stopped detecting CDs though it reports in my computer as working normally. Any ideas?

Posted by: pasco2c | August 13, 2008 3:28 PM | Report abuse

@Amos 'n' Andy

You're equating patching with platform vulnerability. That's NOT the point. The point is that all software regardless of maker needs patching whether it's to plug security holes, operational bugs or what have you. Those who complain are either ignorant or most likely fan boys that use the opportunity to slam a vendor and tout their own preference. Either way, it's immature and pointless.

Posted by: TJ | August 13, 2008 3:42 PM | Report abuse

In a Microsoft Windows context, hotfixes are small patches designed to address specific issues, most commonly to freshly-discovered security holes. These are small files, often automatically installed on the computer with Windows Update (although some may only be able to be obtained via Microsoft Support) and could contain a hot patch eliminating the need for a reboot.

Posted by: BENDER | August 13, 2008 5:07 PM | Report abuse

I had Vista install 16 patches last night and my Toshiba A205 laptop with Vista Home Premium stopped working immediately following.

It would begin to boot up then go to a black screen and simply stop. The repair utility stated that one of the patches was the reason my PC stopped working. I had to boot to safe mode and roll back my Vista 5 days in order to be able to use my PC again!

The problem now is determining the offending patch so I can download the others.

Posted by: Chris | August 13, 2008 5:09 PM | Report abuse

Is Service Pack 1 required for these patches?

Posted by: Anonymous | August 13, 2008 6:35 PM | Report abuse

I have not installed SP3 on my desktop with XP and all updates were installed successfully, so it reports. I have not installed SP1 for Vista on my laptop yet (see a pattern of perhaps overcaution here?)and all updates were listed as installed successfully. Back to business as usual...

Posted by: bjth | August 13, 2008 8:26 PM | Report abuse

commenters complaining about the necessity of patches or the patching process are simply tech-illiterate.

Posted by: lp | August 13, 2008 9:24 PM | Report abuse

commentators complaining about "commenters" complaining about the necessity of patches or the patching process are simply platform- and english-language-illiterate.

Posted by: Bart Brown | August 13, 2008 10:42 PM | Report abuse

I have WinXP SP2 and Office XP/2002. All updates installed without incident.

Posted by: Tom | August 13, 2008 10:55 PM | Report abuse

I recently purchased an ASUS 701 running Linux, which I've chosen to learn in place of wasting time with Vista. Having a computer free of Microsoft is a delight.

Posted by: Teresa Binstock | August 13, 2008 11:36 PM | Report abuse

Perhaps a bit off topic, but germaine, I think. Two of the last three times I tried to access Security Fix, up came a giant link to an (all caps) Linkstorm.
As the past two attempts to access security fix were specifically targetted to update info, I kind of wonder what's going on.

Posted by: DavidT | August 14, 2008 1:00 AM | Report abuse

I installed the patches on a desktop & laptop both running Windows XP, SP2 - no apparent problems so far.

I've held off installing SP3 on either one - is it safe to do so yet or is that one still buggy? Actually, is SP3 necessary?

Posted by: sc | August 14, 2008 1:42 AM | Report abuse

@ winemaster2 = People who post the same item twice are blog-impatient. Click SUBMIT only once. Thankyavurrymuch!

Posted by: Pete from Arlington | August 14, 2008 9:46 AM | Report abuse

Like SC, I did not download SP3 and the security patches appear to have successfully loaded. Is SP3 necessary? I have attempted to download it a half dozen times and cannot do so.

Posted by: claywe | August 14, 2008 4:33 PM | Report abuse

Downloaded and installed all the 26 MS patches. After restarting my PC, McAfee security center firewall was de-activated, NERO DVD/CD burning software had errors along with my Iomega backup drive software. Needless to say I spent over 2 hours re-installing all these applications. This is wrong!

Posted by: Grumpy | August 15, 2008 10:38 AM | Report abuse

Back with another report...

our office system runs on XP Pro. My PC (non-administrator) is set to download & install MS updates automatically. Usually there's no problem.

It looks like SP3 + the 7 new patches are not installing. As of today, the machine's tried three times to install SP3 that I know about & it failed. Fortunately, it's still working otherwise.

Posted by: sc | August 16, 2008 1:11 AM | Report abuse

@JohnJ:

You really don't have a clue, do you?

Posted by: Rick | August 16, 2008 4:25 PM | Report abuse

When Apple patch 26 vulns it's mostly open source stuff they use. Although they occasionally patch their own holes and some of them are rather embarrassing.

But MS don't share. When they patch 26 security holes it's really 26 security holes. In their own software.

What is it now? Almost 7 years since Bill Gates apologised for the pain and suffering his Windows had caused the world and promised a new secure version?

When are people going to realise Bill's been pulling the wool over their eyes?

It's really simple really. It really is. You don't take a standalone system and put it on the Internet. Don't believe me. Believe Bill Joy. He helped build BSD and co-founded Sun. He uses OS X today.

Posted by: Rick | August 16, 2008 4:30 PM | Report abuse

@Rick

Pot meet kettle!

Posted by: TJ | August 17, 2008 11:08 AM | Report abuse

The comments to this entry are closed.

 
 
RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company