RSS FeedSecurity
Lazy Tuesday for Microsoft patchers

Lazy Tuesday for Microsoft patchers

Just four bugs squashed in monthly update

By | Published 09:34,

Patch Tuesday was quieter than usual for Microsoft users this month, with the company issuing just four security bulletins yesterday.

Four vulnerabilities were fixed in Windows, Visual Studio and the MSN and Windows Live Messenger software, setting a 2007 record for the fewest flaws fixed in a month's scheduled updates.

Also in this channel
Related Articles

 

Virtualisation, Big Data and BYOD

Check out our Business IT Hub for opinions and briefings. Read more

Only one of the four flaws was pegged critical, Microsoft's highest threat warning, while the other three were all labelled important, a notch lower.

Two security analysts pointed at MS07-054, the update for Microsoft's instant messaging clients – MSN Messenger and the newest Windows Live Messenger – as the one to deploy first. "It's the most interesting," said Andrew Storms, director of security operations at nCircle Network Security. "It's only rated important, but it patches a known vulnerability that's been publicly known for a week."

Messenger's webcam vulnerability was first reported late last month on a Chinese-language security mailing list, and exploit code for the flaw has made its way onto the internet. Users duped into accepting a malicious webcam or video chat invitation risked losing control of their PC to the attacker.

"This is the most important one," agreed Amol Sarwate, manager of Qualys' vulnerability lab. "It falls into this new trend of new media attacks using social engineering. By 'new media,' I mean exploits inside images, inside MP3 files and, in this case, inside [a] webcam session." Rather than rely on users to open infected attachments - a practice many users now know is dangerous – new media attacks hope that users' guards are down when they receive chat invitations via IM.

But one researcher fingered a different bulletin - MS07-051 - as the one to deploy pronto. "The most critical is the Microsoft Agent vulnerability," said Tom Cross, of IBM Internet Security Systems' X-Force, noting that the vulnerability could be exploited by well-known methods. To exploit it, an attacker would need to entice users to a malicious web site. "It uses a pretty common attack vector," he said, "and fits the profile of a lot of bugs."

1 2 continued on page 2 »

Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

HP Business Answers

Join the discussion today

The HP Business Answers group is a vibrant community of small and medium sized business owners and employees. HP provides independent and expert advice in fields such as design, branding, taxation, technology, marketing or manufacturing so join today to network with over 6500 like-minded professionals.

Join the HP Business Answers Linkedin Community

Read the most recent discussions

Read more at the HP Business Answers Linkedin Community

ComputerWorldUK Resources

ComputerworldUK
Share
x
Open
* *