Microsoft has released what security experts are calling one of the most significant security fixes this year. On Tuesday morning, the software maker pushed out nine sets of patches, called updates in Microsoft parlance, fixing a total of 14 bugs in its software. Six of these updates are rated critical by Microsoft, meaning that attackers could exploit the flaws with no user action required. The other three updates are rated important. It is the largest set of updates released by Microsoft since February.
"People should definitely cancel their dinner plans and make sure they take this one seriously because both the breadth and impact of these are important," said Don Leatham, director of solutions and strategy with PatchLink. "This is an intense month."
"People should definitely cancel their dinner plans and make sure they take this one seriously because both the breadth and impact of these are important," said Don Leatham, director of solutions and strategy with PatchLink. "This is an intense month."
Leatham is particularly concerned with the MS07-046 update, which fixes a critical flaw in the graphics rendering system used by Windows. The flaw lies in the Windows graphics device interface software used to send graphics data to printers and monitors. Microsoft says that attackers could exploit this flaw by tricking a victim into opening a specially crafted e-mail attachment, but because the bug lies in a core component of Windows, Leatham believes that there may be other ways to exploit the flaw. "I think this will be a target of the hacking community," he said. "if it's clear down in the graphics rendering engine, I'm assuming that there may be other ways to exploit this because the graphics rendering engine is used by many applications." The flaw affects all supported versions of Windows, except Windows Vista and Windows Server 2003 Service pack 2.
Three other patches, fixing critical flaws in Excel and Internet Explorer should also be given priority, said Amol Sarwate, manager of Qualys's vulnerability research lab. Those updates are MS07-044 , MS07-045, and MS07-050. These desktop applications are generally the weakest link in corporate security and are increasingly being targeted by attackers, Sarwate said. All of the vulnerabilities patched Tuesday affect some components of the desktop, Sarwate noted. None of the bugs patched Tuesday had been publicly disclosed, he said.
Other critical updates relate to the XML Core Services used by Internet Explorer to process XML pages and the Object Linking and Embedding technology used by some Windows applications. The less-critical updates fix bugs in the Windows Media Player , Microsoft Virtual PC and Virtual Server, and in Windows Gadgets. With 50 security updates now released, Microsoft has kept pace with last year's patch output. By August of 2006, Microsoft had issued 51 updates.
















(y)
That one WMP11 update is 8.5MB alone. (936782)
2. We know the size of the updates, this is by far the LEAST RELEVANT information you could provide about an update, it's size. But thank you for providing the size in megs AND bytes for us, that was very helpful and will help us to decide if we want to apply this security update.
3. It checked at 3:29 but didn't pick them up because they are released at noon, pacific time presumably. But my real comment is again : how does what time your computer installed the updates make any difference to anyone?
Why am I being such a dink to you? It's not so much you as the 1000 other people who also felt the need to tell us this crap.
Just installed Office 2003 on here. Had 15 updates for that!
Man, so intense...that they could still wait until Tuesday. If they were so earth-shattering, why weren't they put out sooner?
---
1122213453431341241234 blades
took a long time to log in...
anyone else had this problem?
LMAO that doesn't read very good, try again
When auto update has errors and does not update, it is generally becasue one update failed, all i usually do is find the failed update manually donwload and install it, after that auto update works fine again
Yet I am able to get Windows Updates if "Automatic Updates" is on. Is this normal?
most of whcih are pretty dodgy and only work until it si again upgraded, although i know a few that use illegitimate copies even though they have legitimate licenses cause the actvation can be soooo anoying
http://news.com.com/8301-10784_3-9752986-7.html
In what appears to be a monthly patch cycle, Apple today released Security Update 2007-007. This update affects users of Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9 and Mac OS X Server v10.4.9 and fixes fifty vulnerabilities with half as many patches. It appears Apple is clearing house in advance of the annual Black Hat security conference; the iPhone vulnerability was reported by one of Black Hat's scheduled speakers, Charlie Miller. This update is available from within Mac OS X via the Software Update pane in System Preferences, or from Apple's Software Download .
The concept existed back in '95. Nothing new or revolutionary.
Its the typical crap, "ooh, Windows has patches, but [product] has even more!" its trying to prove something is good by finding something worse out there. I wonder sometimes if these people actually don't want to see faults found and corrected.
Its the typical crap, "ooh, Windows has patches, but [product] has even more!" its trying to prove something is good by finding something worse out there. I wonder sometimes if these people actually don't want to see faults found and corrected.
totally agree, it appears a lot of the time that people get annoyed when patches are released. i don't get it it is stupid if you ask me patches only do good, well done to MS for fixing ithe bugs and while i am at it good on you apple for fixing some too.
Time to do a little experimenting - in the meantime, I'll just have to drop it into the cradle on my desktop to sync. *sigh* Such a hard life... ;-)
hey look, yet another idiot that has never tried vista for more then 60 seconds....
hey look, yet another idiot that has never tried vista for more then 60 seconds....
these are the most annoying posts, "well if you don't like it it must be casue you have not used it", i have used it lots and even a little more, and it SUX, even if you leave it the 2 days it takes to index (which i still say is crap)
hey look, yet another idiot that has never tried vista for more then 60 seconds....
these are the most annoying posts, "well if you don't like it it must be casue you have not used it", i have used it lots and even a little more, and it SUX, even if you leave it the 2 days it takes to index (which i still say is crap)
They downloaded in Microsoft Update, but nothing would install. No error code or anything.
Even Automatic Updates wouldn't install them.
Using Windows XP Pro x64 SP2 (Genuine)
Really odd..
"Sorry babe, I'm gonna have to cancel our date tonight, I've gotta go home and patch my computer"
That would go over well...
Commenting has either been disabled on this article or you are not logged in. Click here to login or register, its free!
Note: Anonymous commenting is disabled in order to keep the quality of responses to a high standard.