Thursday, 14 August 2008

Microsoft’s Patch Tuesday Picks Up 26 Vulnerabilities

In this week’s Patch Tuesday, Microsoft has released 11 Security Bulletins addressing 26 vulnerabilities in its Windows operating systems and other software.

The eleven patches , published on Microsoft's monthly schedule, included six fixes rated Critical, Microsoft's highest rating of severity, and five updates rated Important, the company's second highest. On patch, a cumulative update for Internet Explorer contained half dozen vulnerabilities that could be used by an online attacker to remotely exploit a victim's computer, according to Microsoft's security bulletin .

Four of the critical bulletins addressed vulnerabilities in Office. Those patches included fixes for an ActiveX control in Office 2003 and older, flaws in Office filters, Powerpoint and Excel. All four could be used by an attacker to remotely execute code.

Also fixed was an information disclosure flaw in the IPSec software for Windows Vista and Server as well as a remote code execution vulnerability in the Windows Event System component for all versions of the operating system.

The updates are available through Microsoft Update or Automatic Updates . Office 2000 users can get Windows patches through either of those options, but will need to make a special trip to the Office Update page to grab the Office patches.

Microsoft recommends that users set their systems to automatically download updates from the company's Windows Update service.