Microsoft patches 20 security flaws

Microsoft on Tuesday released fixes for 20 vulnerabilities in a variety of products including Windows, but none of the operating system flaws affect Vista.

The fixes arrived in a dozen security bulletins, released as part of Microsoft's monthly patch cycle. Six of the alerts were tagged "critical," the company's most serious rating. These flaws could enable an attacker to gain complete control over a vulnerable computer with no action, or minor action, on the part of the user, Microsoft warned.

The critical vulnerabilities are in Windows, Internet Explorer, Office and in Microsoft security tools such as Windows Live OneCare and Windows Defender. None of the Windows or Office flaws affect Vista or Office 2007, Microsoft's latest updates. However, Windows Defender ships as part of Vista, so the new operating system is at risk from that direction.

View: Full Article @ CNET

13 Comments

Dumb a** MS and their infinite wisdom of trying to update EVERYTHING, just screwed my computer up. All of a sudden, after a couple years of having XP Home on this machine, there were updates for the laser mouse and Via chipset.

Needless to say (but I will anyway) Via drivers caused an instant blue screen! Cripe! I haven't seen one of those since BEFORE W2K days!!

Stupid MS. Stick with what you may know at least a little something about, Windows updates, huh?!!

Also, so far, out of 5 computers running XP, 2 of them had more updates after the original scan found the 10 critical ones that were just released.

It says 20 security flaws, but for my XP SP2 install with Office 2k7 and IE7, I only have to d/l 11 updates in total, 1 of those was for IE7, 1 for Outlook's Junk E-mail filter, which was an update not a security bug, and 1 is the removal tool they always send, so really, only 8 patches for Windows for me.

Microsoft Security Bulletin MS07-010 affects Windows Defender. And, yes, even in Vista, according to Microsoft.

Microsoft Windows Defender and Windows Defender in Windows Vista

Prerequisites
This security update requires Windows Defender.

Removal Information
This update cannot be uninstalled from Windows XP, or Windows Server 2003.
This update can be uninstalled from Windows Vista.

Verifying Update Installation
To verify that the update has been applied to an affected system, perform the following steps:
1. Click Help, then click About Windows Defender.
2. Check the version number. If the Microsoft Antivirus engine build number reads 1.1.2101.0 or above, the update has been successfully installed.


Regardless of what you are running, just keep current on updates...

Digitalfox said,
Yeah, but that is just like updating anti-virus.. No big deal :)
Well, the implication that Vista was clear was not correct, so I clarified.

Regardless if you run Vista, XP, OSX, Linux, OpenBSD or whatever, you need to keep updated. Dismissing patches that are rated "Critical" because they allow "remote code execution" as no big deal is a big deal.