TELECOM Digest OnLine - Sorted: Microsoft Patch Tuesday Has Critical Side


Microsoft Patch Tuesday Has Critical Side


Elizabeth Millard (cio-today@telecom-digest.org)
Wed, 13 Jul 2005 19:50:45 -0500

by Elizabeth Millard, cio-today.com

Microsoft's monthly patch release comes with warnings on this
go-round. The company has noted that three of the flaws being fixed
already are being exploited by malicious hackers.

The vulnerabilities are in Windows and Office programs, and have
garnered the company's highest security rating of "critical."

Microsoft has urged users to patch their systems as quickly as
possible, and also to update to the latest version of Windows XP,
which offers more advanced security technology in its Service Pack 2.

Fixer Upper

One of the reported flaws affects the Microsoft Color Management
Module, a part of Windows that handles colors. Another is related to
the JView Profiler, a component of the company's Java Virtual Machine.

Both vulnerabilities could be used to take control of a PC remotely,
Microsoft has noted. Some security firms have seen attackers using the
JView flaw to download and install Trojans on users' machines.

Also updated this month is the Windows Malicious Software Removal
tool, which now removes variants of several viruses, including
Wootbot, Optix, Optixpro, Pacty and Prustiu.

Patch Cycle

The inclusion of patches for flaws that are being exploited actively
is not a new phenomenon, especially for Microsoft and its monthly
patch update, security experts have noted.

"Many times, patches are developed specifically because vulnerabilities
are being exploited, or have the potential to be," said Thomas
Kristensen, chief technology officer at security firm Secunia.

"The only difference with those is that they tend to speed up the
patching cycle," he added.

Security Minded

In releasing the patch round, Microsoft has emphasized a fresh focus
on security.

At Microsoft's Worldwide Partner Conference on July 10, security chief
Mike Nash noted that there has been progress made in several security
areas since 2003, when Steve Ballmer made a new commitment to address
security.

Nash unveiled enhancements to the Microsoft Partner Program Security
Solutions Competency, an initiative designed to support a broader set
of security services partnerships.

Although Nash detailed additional technology investment and
prescriptive guidance in the security field, he acknowledged that
there is more work to be done.

Copyright 2005 NewsFactor Network, Inc.

NOTE: For more telecom/internet/networking/computer news from the
daily media, check out our feature 'Telecom Digest Extra' each day at
http://telecom-digest.org/td-extra/more-news.html . Hundreds of new
articles daily.

*** FAIR USE NOTICE. This message contains copyrighted material the
use of which has not been specifically authorized by the copyright
owner. This Internet discussion group is making it available without
profit to group members who have expressed a prior interest in
receiving the included information in their efforts to advance the
understanding of literary, educational, political, and economic
issues, for non-profit research and educational purposes only. I
believe that this constitutes a 'fair use' of the copyrighted material
as provided for in section 107 of the U.S. Copyright Law. If you wish
to use this copyrighted material for purposes of your own that go
beyond 'fair use,' you must obtain permission from the copyright
owner, in this instance, NewsFactor Network.

For more information go to:
http://www.law.cornell.edu/uscode/17/107.shtml

[TELECOM Digest Editor's Note: One of the reasons these patches are
occuring with increasing regularity is because the principal
organization which _could_ bring it all to a quick halt (ICANN) has
no real concern. In fact, I strongly suspect that in their corruption,
ICANN encourages spam and scam. The reason for that is, that ICANN
is _not_ interested in small computer site operators like most of
you or myself. The quicker Vint Cerf and his cronies at ICANN can
_drive us away_ -- make the net essentially unusable for the rest
of us -- the quicker they can make it available for the exclusive
use of businesses, etc. And Vint Cerf of course means MCI, one --
if not the biggest -- polluter of the net. PAT]

Post Followup Article Use your browser's quoting feature to quote article into reply
Go to Next message: News Wire: "Microsoft Gives in to China's Demands"
Go to Previous message: News Wire: "New Microsoft Patches Already Getting Exploited"
TELECOM Digest: Home Page