Microsoft Patches Itself Up

Dennis Faas's picture

Concerned about gaping holes in Microsoft Word, Outlook Express, or Internet Explorer? With a handful of updates recently made available, users of these programs can rest a bit easier.

Microsoft has now made available six security updates for its products, filling holes in the above programs plus Kodak Image Viewer (which ships with Windows). The update itself fixes a total of nine bugs in MS software, four of which have been deemed critical. (Source: informationweek.com)

Perhaps the most frightening of the bugs is the one staring down college students as they ready for fall essays and exams. Microsoft Word's vulnerability, which the new patch promises to correct, can easily be exploited by hackers. How? By tricking that poor college student into opening a malware-laced Word document. Microsoft itself admits it's been a major concern, with security program manager Christopher Budd telling the media, "We're aware of very limited and targeted attacks". (Source: pcworld.com)

A patch to Internet Explorer is nothing new, and although the Word hole is certainly frightening, most security experts consider the IE fix the most desperately needed measure. The patch itself features four repairs for what may arguably be the most-used program in Microsoft's (or anyone's) repertoire.

Malware bandits are behind the most critical of Internet Explorer flaws. The most notable problem is one that allows a hacker to exploit a URL bug for phishing, or "spoofing" purposes. "The URL spoof has been known since at least July and it's the perfect tool for a phisher," said Andrew Storms, director of security operations for nCircle Network Security Inc.

Finally, the Outlook Express patch is being pushed on anyone who ever used the mail program -- even those that may have removed it. "The files in question are part of the core operating system, so what we tell people is if the bits in question are on the box then you should apply the security update," said Microsoft's Budd.

Looks like we've all got some updatin' to do.

Rate this article: 
No votes yet