Microsoft Releases Fix for Security Flaws

Technology - Reuters ^ | Tue Nov 11, 5:08 PM ET | Reuters

[JohnSmithee]

SAN FRANCISCO (Reuters) - Microsoft Corp. (Nasdaq:MSFT - news) on Tuesday released its latest batch of security updates to fix four new holes in its software, including three that are rated "critical."

All of the holes could allow an attacker to run malicious code on a user's computer, the Redmond, Washington company said.

The critical holes affect the Internet Explorer Web browser and Windows 2000 (news - web sites) and Windows XP (news - web sites). The two Windows holes do not affect Windows Server 2003. The IE hole is rated "moderate" for Windows Server 2003.

An "important" rating was given to a fourth hole found in Office 97, Office 2000 and Office XP, but not the 2003 version.

No customer has been harmed as a result of the holes, but Microsoft has seen discussion on security e-mail lists and elsewhere of ways to take advantage of the IE hole, said Stephen Toulouse, security program manager for Microsoft's Security Response Center.

Previously, Microsoft regularly released security patches every Wednesday, but recently switched to monthly releases, the second Tuesday of every month. This is the second release of patches under the new monthly cycle.

The change was made to make it easier for customers to install the patches, said Toulouse. Now, companies need to have extra staff around for the procedure and to restart patched computers once a month rather than weekly, he added.

Microsoft launched an initiative in early 2002 to improve the security of its products, including offering special training for its developers.

Last week, the company said it would offer two $250,000 rewards for information leading to the arrest and conviction of whoever is responsible for the Blaster worm and SoBig.F e-mail virus.

Last month, Microsoft reported an unexpected dip in corporate contracts during the September quarter due to customer concerns over the security of its products.

Security bulletins can be downloaded from www.microsoft.com/security.

[rs79bm]

Software update BUMP.

[GeronL]

man!! This happens too often!

[martin_fierro]

FREE PC PROTECTION: (Not an exhaustive list. Your results may vary. Void where prohibited. For entertainment purposes only. No wagering, please. Whattayawantfernuthin'.)

Alternative browsers: Mozilla Opera AVG Anti-Virus Free Edition: Free anti-viral protection Popup ad killers: Bayden Systems Popup Popper: Blocks popup ads well in MSIE Shoot the Messenger: Close that friggin' Messenger in Windows XP Spyware removers: Spywareblaster - Prevents Spyware from being installed in the first place Spybot S&D AdAware MailWasher: Good for pre-screening & bouncing SPAM Windows Update: At least install the critical ones ZoneAlarm: Excellent Firewall Test your firewall from without with ShieldsUP! Test your firewall from within with LeakTest

[TheBattman]

Microsoft Releases Fix for Security Flaws

Maybe it's time for a new article title - this has become such a common headline that I ignore them most of the time. Why don't we just have Jim Rob put up a permanent title for this subject - it would save a lot of trouble posting when MS releases a security fix....

[Wacka]

Forgot one- Buy a Mac!

[martin_fierro]

Buy a Mac!

Oh, right. There's a free fix. <|:/~

[monkeyshine]

I tried to download this patch, and after it downloaded a window popped up which said something like "not approved by microsoft, install aborted". Any idea what's up with that?

[gcruse]

I had the fix come in from my automatic update around two in the afternoon. Didn't have to go to MS at all.

[js1138]

Folks ought to check out the latest CPU Magazine. There's an article saying that judges have been ordering Microsoft to remove software for people's computers via Windows Update. The author called it the judicial virus.

[monkeyshine]

Yes, mine was automatic update as well. Still came in as "not approved my ms".