Patch Tuesday brings Word relief at last

Security fixes also reveal serious flaw in OneCare and Defender.

Microsoft's monthly Patch Tuesday security release has yielded the expected 12 patches, including several covering a number of the Office bugs that have been exploited for some time. The release also contains a patch for a 'critical' flaw in the software behind several of Microsoft's security products, including anti-virus software Windows Live OneCare and spyware-blocker Windows Defender.

VB100

Two of the patches, MS07-014 and MS07-015, each cover several vulnerabilities in Word and other Office document formats, many of which have been used as vectors for attack with a number of publicly known exploit techniques thought to be in use by hackers. MS07-015 is a replacement for a previous patch, itself replacing an earlier version, which has been shown to have failed to properly fix the problem in question. The numerous Office bugs, and the length of time taken to fix them, have brought considerable criticism of Microsoft's patching policy.

'These fixes have certainly been a long time coming,' said John Hawes, Technical Consultant at Virus Bulletin. 'Sometime soon Microsoft is going to have to see sense and start getting patches out there faster, rather than expecting users to wait weeks or even months before they can protect themselves against attacks using flaws in these major products.'

Another of the batch of fixes, MS07-010, fixes a severe flaw in the PDF document handling of the Microsoft Malware Protection Engine, a component in OneCare, Windows Defender, and gateway products Antigen and Forefront. A maliciously crafted PDF could be used to gain remote access to a machine running any of these products; users of multi-engine products Antigen and Forefront are advised to disable the Microsoft engine and rely on detection from other providers until the patch is applied.

A summary of all the patch releases, with links to more details and downloads of the patches themselves, is here.

14 February 2007

Tags:    del.icio.us  digg this! digg this

Poll

Do you use the same password(s) across multiple websites?
I use the same password for all sites
I have a number of passwords but use the same for some sites
I use a different password for each site
I don't sign up to any sites that require a password

Leave a comment
View 4 comments
Jobs Recruit Sidebar

Malware Prevalence

Agent |#######################|
OnlineGames |#################|
Kryptik |#############|
Heuristic/generic |#####|
Heuristic/generic |#####|
 View this month's full report
Virus Bulletin currently has 190,550 registered users.