Microsoft's Patch Tuesday Includes New Rating Index
Microsoft today released 11 software updates to fix at least 20 security flaws in its Windows operating systems and other software. Windows users can grab the latest updates from Microsoft Update or by turning on Automatic Updates.
This month's bundle of updates includes at least five fixes for security holes in Microsoft's Internet Explorer Web browser, as well as patches for at least four separate flaws in Microsoft Office, three affecting Microsoft Excel exclusively. The IE flaws impact both IE6 and IE7, but are more of a threat for users running IE on Windows 2000 or Windows XP systems. All told, nine of the vulnerabilities fixed this month earned "critical" ratings from Microsoft, meaning the software giant believes that criminals could leverage them to break into exposed systems with little or no help from the victim.
October also is the first month Microsoft has detailed how each flaw fares on its "exploitability index," which attempts to gauge how fast hackers will find ways to compromise vulnerable systems. Seven of the flaws addressed by today's release (including two of the IE bugs) earned Redmond's highest exploitability rating. Bear in mind that several of these IE vulnerabilities are the sort that could be exploited merely by enticing users to visit a malicious or hacked Web site.
Microsoft said details about how to exploit two of the flaws -- one in IE and another in the Windows operating system -- have already been published. Redmond also warned that one of the vulnerabilities -- a problem with the Windows Printing Service on the Internet Information Services (IIS) Web server -- is actively being exploited at this time.
Microsoft urges Windows users to apply the fixes as soon as possible. I will update this post if I get wind of any capability or stability problems that these patches may create. In the meantime, please drop a line in the comments below if you experience any difficulty installing these updates.
-- Brian Krebs
October 14, 2008; 5:41 PM ET
Categories: New Patches