Network Computing is part of the Informa Tech Division of Informa PLC
Microsoft Fixes 23 Flaws, Including Bug With MSBlast Potential
Microsoft on Tuesday published 12 security bulletins for Windows and Office that patched 23 vulnerabilities, 16 of which the Redmond, Wash. developer tagged as "critical." Both the number of bugs disclosed and the tally of critical fixes broke previous records.
Ten of the updates addressed flaws in Windows, while two affected Microsoft Office or one of its bundled applications. According to security analysts, several of the bulletins patch vulnerabilities that are already being exploited in the wild, including one used to attack the PowerPoint presentation maker just days after July's security updates were revealed.
Security analysts immediately pegged the MS06-040 bulletin as the fix to apply first.
In an alert to customers of its DeepSight threat system, Cupertino, Calif.-based Symantec noted that MS06-040, which fixes a flaw in Windows' Server service, should be patched pronto. "At least one exploit for the issue has already been developed, and as such may be released soon," Symantec stated. "The issues can be exploited by an anonymous user against Windows XP SP2 to execute arbitrary code, making it a prime candidate for a worm."
Mike Murray, director of research at vulnerability management vendor nCircle, was even more adamant about MS06-040's potential.