Microsoft patches 23 security flaws (Here we go again)

Electronic News.Net ^ | August 9, 2006 | Ciara O'Brien

[Zakeet]

Microsoft, on Tuesday, issued yet another bumper crop of security updates to fix over 20 flaws in its software, its biggest update since it began the regular bulletins.

The 12 updates fix a staggering 23 flaws in Windows software, with 15 of them rated as critical, Microsoft's most severe rating. One of the 15 critical vulnerabilities has been tagged as a possible worm candidate; anonymous users can exploit the Service Server vulnerability remotely, regardless of the operating system.

Three of the flaws were discovered in Office products, including Powerpoint, while 20 were present in the Windows system. Mac users also need to beware, as the Powerpoint vulnerability can affect their systems.

Industry experts said that although 11 of the flaws were already known, the remaining 12 were discovered by Microsoft.

"This month 11 patched vulnerabilities were already public or were already exploited in-the-wild prior to [Tuesday's] announcements. Among them is the vulnerability in Powerpoint that was exploited in targeted attacks in mid-July," said security firm McAfee in a post on its Avert Labs blog.

This is the third month in a row that Microsoft has issued a large number of security patches for its software. In fact, according to McAfee, Microsoft has already dealt with more vulnerabilities this year than in 2004 and 2005 combined.

[1FASTGLOCK45]

Skooz wrote:

I updated mine this morning.


---How many Megabytes was your update?
I'll have to update later this evening.

[Cheburashka]

While XP needs all the help it can get, I doubt support of Win98/ME was taking much manpower.
---
Um, I think that was my point.

[Cheburashka]

No more Windows 98???????

What am I going to do now? Had this critter for 7 years and it's just starting to get broke in.

Shuuuuewwww, I'm still learning how to use all the new features I have now instead of that old 95 series.
---
I understand they have come up with even more exciting features, like computers that actually turn themselves off when you hit "shut down", instead of of just telling you it's now safe to turn off your computer, and making you do the actual work.

It's a wonderful thing, like when I discovered that Windows actually has a calculator built in.

No more taking off my shoes to count above ten.

[holymoly]

Um, I think that was my point.

Yup, that's what I figured.

But with all the FUD being spread about Win9x/ME the last few months, I made my post on the off chance someone might actually take you seriously.

Take this statement, for example:

"We recommend that customers who are still running Windows 98 or Windows Me upgrade to a newer, more secure Microsoft operating system, such as Windows XP"

It's hard to tell if Microsoft is joking, or not. Still, it had me rolling on the floor.

[wattojawa]

Microsoft must be joking when they say that as many computers running windows 98 or ME don't meet the minimum hard where requirements of windows xp though they could probably run windows 2000.

[Centurion2000]

Be advised that the MS06-040 vulnerability has a public exploit available now through MetaSploit.

Considering that EVERY server and workstation runs the server service by default, every system is vulnerable to this exploit.

MS and some others are saying this has the potential to be a Blaster or possibly a Nimda level of exploit/virus.