Patch Tuesday brings Word relief at last

Security fixes also reveal serious flaw in OneCare and Defender.

Microsoft's monthly Patch Tuesday security release has yielded the expected 12 patches, including several covering a number of the Office bugs that have been exploited for some time. The release also contains a patch for a 'critical' flaw in the software behind several of Microsoft's security products, including anti-virus software Windows Live OneCare and spyware-blocker Windows Defender.

Two of the patches, MS07-014 and MS07-015, each cover several vulnerabilities in Word and other Office document formats. Many of these have been used as vectors for attack, with a number of publicly known exploit techniques thought to be in use by hackers. MS07-015 is a replacement for a previous patch, itself replacing an earlier version, which has been shown to have failed to properly fix the problem in question. The numerous Office bugs, and the length of time taken to fix them, have brought considerable criticism of Microsoft's patching policy.

'These fixes have certainly been a long time coming,' said John Hawes, Technical Consultant at Virus Bulletin. 'Sometime soon Microsoft is going to have to see sense and start getting patches out there faster, rather than expecting users to wait weeks or even months before they can protect themselves against attacks using flaws in these major products.'

Another of the batch, MS07-010, fixes a severe flaw in the PDF document handling of the Microsoft Malware Protection Engine, a component in OneCare, Windows Defender, and the gateway products Antigen and Forefront. A maliciously crafted PDF could be used to gain remote access to a machine running any of these products. Users of the multi-engine products Antigen and Forefront are advised to disable the Microsoft engine and rely on detection from other providers until the patch is applied.

A summary of all the patch releases, with links to more details and downloads of the patches themselves, is here.

14 February 2007
