Microsoft issues ten security patches

Fixes will address critical vulnerabilities in Windows and Office

  • E-Mail
By  Published  October 20, 2006

Microsoft has released ten security patches, which include critical fixes for both Office
and Windows applications.

The security bulletins are designed to fix more than two dozen flaws in Microsoft’s software the largest update this year to date, according to the security company Qualys.

Jonathan Bitle, manager for technical accounts at Qualys, told the Cnet news service that, “Although there are only ten patches, they address 26 vulnerabilities, and it’s the largest release for Microsoft this year.”

“This could be overwhelming for IT managers because they’ll have to navigate what
to patch and which to patch first,” he claimed.

A technical glitch meant that when the patches were rele- ased the company’s automated download service did not work.

This meant that the only way users could receive the security updates was to manually download the patches.

Of the patches that were released this month, seven were to fix vulnerabilities in Windows and three to fix flaws in Office.

In August Microsoft issued its second largest release, issuing 12 patches to correct
23 vulnerabilities.

According to Symantec the nature of this month’s patches proves the strategy now being adopted by attackers.

The firm told Cnet that these updates include patches for Office flaws for which exploit code already exists, including an Excel vulnerability which first emerged in July and a Word exploit that appeared in September this year.

Oliver Friedrichs, director of Symantec’s Security Response, commented: “The quantity of Microsoft Office vulnerabilities this month illustrates this emerging attacker focus.”

“Users should consider the installation of these patches to be a critical component of a smart security strategy,” he added.

Microsoft has said earlier in the month that it expected to release 11 patches.

However a company representative told Cnet that one of the fixes a critical patch for Windows did not “meet the quality bar” and would be part of next month’s updates.

From next month onwards Microsoft is to drop patching support for Windows XP
Service Pack 1.

It will also issue the last patch cycle in which Server Update Services (SUS) will be supported.

SUS users are being advised to upgrade to its Windows Server Update Services solution.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code