11 April 2007
Microsoft gets patching
Eleanor Dallaway
Microsoft and security researchers are investigating reports of several potentially serious bugs affecting Microsoft Office. These concerns surface just 24 hours after Microsoft released five critical bulletins this Patch Tuesday and one out-of-cycle patch. The out-of-cycle patch was deemed vital enough to release early, and its severity is causing concern.
“The out of cycle patch should take priority over the others”, says Alan Bentley, Managing Director of Patchlink. “When Microsoft feels a patch is important enough to release outside of the normal schedule, it should be taken very seriously”.
The out-of-cycle emergency patch was released to fix a bug that hackers could exploit in Windows’ animated cursor handling process.
Experts believe that Microsoft’s willingness to release key patches early is an indication that it is listening to its customers rather than sticking to its own agenda.
Karthik Raman of McAfee, however, says, “This is yet another time that zero-day flaws have been published around a Patch Tuesday, possibly to maximise the public’s exposure to these flaws until next month’s Patch Tuesday”.
One of the patches released stemmed from concern that a memory corruption vulnerability in Microsoft’s content management server (MS07-018) could allow hackers to run remote code in the context of the IIS web server. Four other patches concerning remote code execution were also released. Vulnerabilities in this area are often a vehicle for botnets and other targeted attacks, so it is crucial that they are patched quickly.
“While the focus is on Microsoft patches, IT administrators need to be aware of patches that are being released from other vendors. Just deploying Microsoft patches is not enough”, concludes Bentley.