MS moves to plug security leaks

Microsoft has released patches for 19 flaws affecting several products including Internet Explorer 7, Office 2007 and Exchange 2007, in its latest patch update.

  • E-Mail
By  Administrator Published  May 17, 2007

Microsoft has released patches for 19 flaws affecting several products including Internet Explorer 7, Office 2007 and Exchange 2007, in its latest patch update.

All the vulnerabilities were described as critical - Microsoft's highest rating - suggesting an attacker could use them to gain full control of an affected system.

The firm said, however, most of the vulnerabilities could only be exploited after a user visited a web site containing malicious code or opened an infected file.

Microsoft published seven security bulletins as part of its monthly patch cycle, which took place on May 8. The firm has been issuing patches in this fashion to make it easier for administrators to plan their upgrade activity.

Microsoft's MS07-027 update fixes six flaws in Internet Explorer that could be exploited through malicious web sites, the firm said. Three updates deal with flaws in Office applications, including Office 2007, which affect the way the applications deal with certain files; an attacker could exploit them by sending a rigged Office file, Microsoft said.

The firm also released fixes for flaws in Exchange, including Exchange 2007, which could allow a system running the e-mail server to be compromised.

While Microsoft has put a lot of effort into making its newer products better protected, industry watchers said these latest flaws were a blow to its credibility.

Amol Sarwate, manager of the vulnerability research lab at Qualys, told Cnet the vulnerabilities "hurt Microsoft's security message".

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code