HOME     MENU     SEARCH     NEWSLETTER    
NEWS & INFORMATION FOR TECHNOLOGY PURCHASERS. UPDATED 7 MINUTES AGO.
You are here: Home / Microsoft/Windows / Patch Tuesday To Fix Windows, Office
Barium Ferrite (BaFe):
Higher Capacity, Superior Performance, Longer Archival Life
www.thefutureoftape.com
Patch Tuesday Will Fix Flaws in XP, Windows 7, Servers
Patch Tuesday Will Fix Flaws in XP, Windows 7, Servers
By Jennifer LeClaire / NewsFactor Network Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
JULY
09
2010


Microsoft is preparing for July's Patch Tuesday, which centers on Windows and Office. With only four bulletins -- compared to 10 bulletins with a record-tying 34 vulnerabilities in June -- IT admins can breathe at least a partial sigh of relief.

Still, there's plenty to patch in July, including a vulnerability a Swiss Google engineer made public in June. Google engineer Tavis Ormandy published attack code for a vulnerability in Windows XP's Help and Support Center, which lets users access and download Microsoft help files from the Internet. Support technicians also use the Help and Support Center to launch remote support tools on a PC.

Ormandy has been criticized because he only gave Microsoft five days to fix the problem before going public with details about how hackers could write malicious code to exploit the flaw. Sophos Security Consultant Graham Cluley called it an "irresponsible disclosure." Making matters worse, Microsoft said the flaw also affects Windows Server 2003.

Exploring Windows Flaws

"Keeping IT professionals as busy as the air-conditioning units in New York City this week, Microsoft announced today that next Tuesday they will release four security bulletins to address five separate current vulnerabilities, with three that are rated critical and one of the critically rated bulletins requiring a restart of server-class machines," said Don Leatham, senior director of solutions and strategy at Lumension.

Bulletins 1 and 2 both affect Microsoft Windows -- and they are both rated critical. The vulnerabilities could allow remote code execution, typically the most-feared exploit.

Leatham said Bulletin 2 will have a huge impact because it affects Windows 7 desktop users and Windows 2008 R2 servers, which are Microsoft's most current and widely deployed desktop and server solutions. IT departments with Windows 7 and/or Windows 2008 R2 should be ready to prioritize this bulletin, he warned.

Exploring Office Flaws

Bulletin 3 and 4 affect Microsoft Office. While Bulletin 3 is rated critical, Leatham said IT admins should feel fortunate that its impact will be limited to only those organizations that have built applications and processes using Microsoft Access.

Bulletin 4 is only rated important. Nonetheless, Leatham strongly encouraged users to pay attention to this since it addresses a vulnerability in Microsoft Outlook, Microsoft's popular e-mail client. Vulnerabilities in e-mail clients are always a concern, he said.

As Leatham sees it, the good news is that with the release of these four bulletins next week, Microsoft will take care of the two recent security advisories -- the vulnerability in the Canonical Display Driver that could allow remote code execution, and the Google-exposed flaw -- that have been under attack now for a few weeks.

Meanwhile, security researchers are still irate about how Ormandy handled his disclosure. "A responsible security researcher would have been happy working with Microsoft on a successful resolution of the issue, and only shared details once a safe patch had been developed," Cluley said. "Five days isn't a sensible period of time to expect Microsoft to develop a fix which has to be tested thoroughly to ensure it doesn't cause more problems than it intends to correct."

Tell Us What You Think
Comment:

Name:

Like Us on FacebookFollow Us on Twitter
TOP STORIES NOW
MAY INTEREST YOU
Neustar, Inc. (NYSE: NSR) is a trusted, neutral provider of real-time information and analysis to the Internet, telecommunications, information services, financial services, retail, media and advertising sectors. Neustar applies its advanced, secure technologies in location, identification, and evaluation to help its customers promote and protect their businesses. More information is available at www.neustar.biz.
MORE IN MICROSOFT/WINDOWS
Product Information and Resources for Technology You Can Use To Boost Your Business

NETWORK SECURITY SPOTLIGHT
The FBI is pointing the finger of blame for the Sony Pictures cyberattack directly at North Korea. The hackers stole confidential data and caused the movie giant to can its new comic film, "The Interview."

ENTERPRISE HARDWARE SPOTLIGHT
Remember the classic BlackBerry that took the cell phone market by storm in its heyday? Well, it’s retro time at the Canadian handset maker as it rolls out the aptly-named BlackBerry Classic.

© Copyright 2014 NewsFactor Network, Inc. All rights reserved. Member of Accuserve Ad Network.