Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Microsoft Patches 18 Bugs; Two-Month Total Swells To 39

Microsoft on Tuesday rolled out 7 security updates for Windows and Office that fixed 18 bugs, a total that almost matched last month's 2006 record of 21 vulnerabilities.

Among them, said one security analyst, was the first flaw since August 2005 that could end up being used by a massive, network-attacking worm along the lines of Zotob, or even 2003's MSBlast.

MS06-035, one of the two critical bulletins for Windows, was immediately rated as a "10" by security vendor Symantec Tuesday, and named as the month's most dangerous vulnerability by Mike Murray, director of research at vulnerability management vendor nCircle.

"This is old-school," said Murray. "It's the real deal, an all-around vulnerability. The service runs by default and doesn't require authentication to attack."

According to Microsoft's explanation, the flaw is in Windows "Mailslot," a temporary data storage area, and could be used to hijack a PC simply by sending a malicious network packet over TCP port 445.

  • 1