Patch Tuesday Will Fix Flaws in XP, Windows 7, Servers
By Jennifer LeClaire / NewsFactor Network
Published: July 9, 2010
Microsoft is preparing for July's Patch Tuesday, which centers on Windows and Office. With only four bulletins -- compared to 10 bulletins with a record-tying 34 vulnerabilities in June -- IT admins can breathe at least a partial sigh of relief.

Still, there's plenty to patch in July, including a vulnerability a Swiss Google engineer made public in June. Google engineer Tavis Ormandy published attack code for a vulnerability in Windows XP's Help and Support Center, which lets users access and download Microsoft help files from the Internet. Support technicians also use the Help and Support Center to launch remote support tools on a PC.

Ormandy has been criticized because he only gave Microsoft five days to fix the problem before going public with details about how hackers could write malicious code to exploit the flaw. Sophos Security Consultant Graham Cluley called it an "irresponsible disclosure." Making matters worse, Microsoft said the flaw also affects Windows Server 2003.

Exploring Windows Flaws

"Keeping IT professionals as busy as the air-conditioning units in New York City this week, Microsoft announced today that next Tuesday they will release four security bulletins to address five separate current vulnerabilities, with three that are rated critical and one of the critically rated bulletins requiring a restart of server-class machines," said Don Leatham, senior director of solutions and strategy at Lumension.

Bulletins 1 and 2 both affect Microsoft Windows -- and they are both rated critical. The vulnerabilities could allow remote code execution, typically the most-feared exploit.

Leatham said Bulletin 2 will have a huge impact because it affects Windows 7 desktop users and Windows 2008 R2 servers, which are Microsoft's most current and widely deployed desktop and server solutions. IT departments with Windows 7 and/or Windows 2008 R2 should be ready to prioritize this bulletin, he warned.

Exploring Office Flaws

Bulletins 3 and 4 affect Microsoft Office. While Bulletin 3 is rated critical, Leatham said IT admins should feel fortunate that its impact will be limited to only those organizations that have built applications and processes using Microsoft Access.

Bulletin 4 is only rated important. Nonetheless, Leatham strongly encouraged users to pay attention to this since it addresses a vulnerability in Microsoft Outlook, Microsoft's popular e-mail client. Vulnerabilities in e-mail clients are always a concern, he said.

As Leatham sees it, the good news is that with the release of these four bulletins next week, Microsoft will take care of the two recent security advisories -- the vulnerability in the Canonical Display Driver that could allow remote code execution, and the Google-exposed flaw -- that have been under attack now for a few weeks.

Meanwhile, security researchers are still irate about how Ormandy handled his disclosure. "A responsible security researcher would have been happy working with Microsoft on a successful resolution of the issue, and only shared details once a safe patch had been developed," Cluley said. "Five days isn't a sensible period of time to expect Microsoft to develop a fix which has to be tested thoroughly to ensure it doesn't cause more problems than it intends to correct."

© Copyright 2015 NewsFactor Network, Inc. All rights reserved. Member of Accuserve Ad Network.