Microsoft Sets New Patch Record, Fixes 26 Flaws - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
News
News
10/10/2006
04:09 PM
50%
50%

Microsoft Sets New Patch Record, Fixes 26 Flaws

The flaws, more than half of which received a "critical" rating, run the gamut from Internet Explorer to Word, Excel, and PowerPoint.

Microsoft on Tuesday released 10 security updates, one less than anticipated, that patched a record 26 vulnerabilities in Windows, Office, and .Net. More than half of the flaws were pegged "critical" by the Redmond, Wash. developer.

Tuesday's tally was impressive by any count: 6 of the 10 updates were judged critical, with the remaining split among Microsoft's other rankings: "important" (1), "moderate" (2), and "low" (3). Of the 26 disclosed vulnerabilities, 15 were labeled critical, 6 important, 2 moderate, and 3 low. Both the total vulnerabilities and the number of critical vulnerabilities set new records for Microsoft in its monthly patch process.

"This is very rich lot," said Minoo Hamilton, a senior security researcher with patch management vendor nCircle. "There's everything in here from Windows Explorer and Internet Explorer to Word and Excel and PowerPoint."

Every one of the half-dozen bulletins marked critical should be paid attention, said Hamilton. "They're all remotely exploitable, and in some cases across the [OS] board."

Several of the updates fix flaws that hackers are already exploiting, including MS06-057, which patches the WebViewFolderIcon bug known -- and used -- since the end of September. Others patching already-exploited vulnerabilities include the MS06-058 update for Microsoft Office PowerPoint and MS06-060, a fix for Microsoft Word.

Office, in fact, accounted for 62 percent of the bugs patched Tuesday and 86 percent of those marked critical. Microsoft's suite has been under the gun since May, when a vulnerability in Word was fixed, and has been the subject of prognosticators for months.

"Attackers have an increasing tendency to exploit vulnerabilities in desktop applications rather than network infrastructure," said Oliver Friedrichs, director of the Symantec's security response team, in an e-mail. "The quantity of Microsoft Office vulnerabilities this month illustrates this emerging attacker focus and users should consider the installation of these patches to be critical."

The Office vulnerabilities make lucrative targets for attackers, added Don Leatham, the director of solutions and strategy at Patchlink. "The hacker community is driving more and more toward creating as many botnets as possible, and the easiest way to get them is in the end-user part of the enterprise. The number of bugs within Office shows that concerted effort."

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
2019 State of DevOps
2019 State of DevOps
DevOps is needed in today's business environment, where improved application security is essential and users demand more applications, services, and features fast. We sought to see where DevOps adoption and deployment stand, this report summarizes our survey findings. Find out what the survey revealed today.
Commentary
Will AI and Machine Learning Break Cloud Architectures?
Lisa Morgan, Freelance Writer,  6/10/2019
Slideshows
9 Steps Toward Ethical AI
Cynthia Harvey, Freelance Journalist, InformationWeek,  5/15/2019
Commentary
Humans' Fascination with Artificial General Intelligence
Guest Commentary, Guest Commentary,  6/6/2019
Register for InformationWeek Newsletters
Video
Current Issue
A New World of IT Management in 2019
This IT Trend Report highlights how several years of developments in technology and business strategies have led to a subsequent wave of changes in the role of an IT organization, how CIOs and other IT leaders approach management, in addition to the jobs of many IT professionals up and down the org chart.
White Papers
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll