Microsoft's Patch Tuesday Includes New Rating Index

Microsoft today released 11 software updates to fix at least 20 security flaws in its Windows operating systems and other software. Windows users can grab the latest updates from Microsoft Update or by turning on Automatic Updates.

This month's bundle of updates includes at least five fixes for security holes in Microsoft's Internet Explorer Web browser, as well as patches for at least four separate flaws in Microsoft Office, three affecting Microsoft Excel exclusively. The IE flaws impact both IE6 and IE7, but are more of a threat for users running IE on Windows 2000 or Windows XP systems. All told, nine of the vulnerabilities fixed this month earned "critical" ratings from Microsoft, meaning the software giant believes that criminals could leverage them to break into exposed systems with little or no help from the victim.

October also is the first month Microsoft has detailed how each flaw fares on its "exploitability index," which attempts to gauge how fast hackers will find ways to compromise vulnerable systems. Seven of the flaws addressed by today's release (including two of the IE bugs) earned Redmond's highest exploitability rating. Bear in mind that several of these IE vulnerabilities are the sort that could be exploited merely by enticing users to visit a malicious or hacked Web site.

Microsoft said details about how to exploit two of the flaws -- one in IE and another in the Windows operating system -- have already been published. Redmond also warned that one of the vulnerabilities -- a problem with the Windows Printing Service on Internet Information Services (IIS) Web server -- is actively being exploited at this time.

Microsoft urges Windows users to apply the fixes as soon as possible. I will update this post if I get wind of any capability or stability problems that these patches may create. In the meantime, please drop a line in the comments below if you experience any difficulty installing these updates.

-- Brian Krebs

By Editors  |  October 14, 2008; 5:41 PM ET
Categories:  New Patches  


"All bugs will be fixed, and be replaced by new ones."
This was included in a developer's email signature.

Posted by: Harry from Canada | October 14, 2008 6:46 PM | Report abuse

it kinda makes you wonder if microflubb will ever get it right. vista well so much for getting it right maybe windows 7 due out sometime in the last quarter of 09 or early 10 will finally get the job done right, well maybe=just saying. And yes I own a dell laptop with xp running it.

Posted by: usaii | October 14, 2008 10:26 PM | Report abuse

I really don't see how this "new" effort by M$ is going to help - except to satiate whatever corporate customers wanted -something- more done. The hacks will determine which ones need to be installed - as soon as they issue an exploit for them.

'Answer (bottom line) is the same - put the damn patches on ASAP.

Posted by: J. Warren | October 14, 2008 11:35 PM | Report abuse

Are these Exploitability Index ratings available on the web or as part of the vulnerability reports?

I went through them all yesterday and didn't notice anything new, but they're all so dense that one new line of text would be easy to miss.......

Posted by: Bob | October 15, 2008 3:08 PM | Report abuse


Looks like the "Exploitability Index" is only on the monthly bulletin (middle of page):

For more info, see:

Posted by: TJ | October 15, 2008 4:11 PM | Report abuse

Your Opinions are slanted. Why don't you write about Apple's Security fixes like you do Microsoft?
Apple released 40 patches compared to Microsoft's 20. You are a journalist? Have some respect for your profession.

Apple, Opera Ship Security Updates
Apple on Thursday released software updates to fix a slew of security issues in computers powered by its OS X operating system. Separately, a new version of the Opera Web browser is available that addresses a pair of serious security flaws.

Apple's seventh big bundle of updates so far this year plugs more than 40 security holes in the operating system and other software for Mac OS X 10.4 and 10.5 desktops and server versions. Among the applications tweaked in this update are Apache, Finder, and ClamAV, the anti-virus software that ships with OS X server products.

The updates are available via the built-in Software Update feature, or directly from Apple's software downloads Web site.

For whatever reason, Opera still does not offer an auto-update feature. Opera users can grab the newest iteration of the browser, version 9.6, from Opera's Web site. In addition to the two security patches, the new version includes a few new features and some bug fixes.

I will be answering your questions about security and computer troubles from 11 a.m. to noon today, in our Security Fix Live online chat. If you've got a question for me, please feel free to drop it in the queue now.

Posted by: Anonymous | October 16, 2008 6:59 PM | Report abuse

I am from China! Now Windows XP already run in my computer. But, my salary have only ¥1000 in a month. Use a PC feel very expensive. Also I need pay to get on the internet of cost! I need food, house, basic life.

Posted by: chinese | October 17, 2008 1:12 PM | Report abuse

I had to uninstall the October security patches in order to get Internet Explorer to launch. This affected 200+ workstations at my company.

Posted by: Joe | October 18, 2008 3:44 AM | Report abuse


© 2010 The Washington Post Company