Patch Tuesday sets update record
It was already known this month’s ‘Patch Tuesday’ update would be the biggest of 2009. But with 31 fixes, 18 for problems ranked critical, it’s in fact the biggest of all time.
The most notable is a patch fixing eight different problems with Internet Explorer, affecting all editions including the current version 8. One deals with a vulnerability exposed at the Pwn2Own hacking contest at a security conference earlier this year.
For corporate users, there’s a particularly important fix for the Internet Information Services software used for Web servers. While the potential damage from the issue is only rated important (the second highest on Microsoft’s scale), it’s considered highly likely that hackers will target it; details of how to exploit at least one of the IIS bugs are already online.
Another fix deals with Excel. This is particularly important for anyone still using Office 2000 as the bug is most serious on this edition, but this package is no longer covered by the automatic update. A manual fix is available at http://www.microsoft.com/downloads/details.aspx?familyid=dd16e243-b8e2-4afb-86b6-4d60214598eb&displaylang=en
There is also a fix for the Mac edition of the various Office programs. That issue had caused controversy last month when Microsoft released a fix for the Windows version of the same bug, but had not yet finished a Mac fix. The company argued that delaying a fix until it had a universal solution would do even more harm by leaving Windows users unnecessarily exposed.
Critics said that announcing the vulnerability before fixing all machines put Macs at risk of increased hacker interest. It doesn’t appear that any Macs were compromised as a result of the bug, but the timetable has still upset security firms, who accuse Microsoft of hypocrisy, saying the firm often puts them under pressure to keep security problems quiet until a solution is ready.
This month’s update doesn’t have a fix for a problem with DirectShow. Specifically there’s a security risk for Windows users watching streaming QuickTime movies online. While the problem remains unpatched, Microsoft recommends installing a workaround (http://support.microsoft.com/kb/971778) which stops PCs automatically playing such movies.
