Microsoft's Patch Tuesday round of updates for August fixed 19 critical vulnerabilities in its software, including five flaws in its Internet Explorer browser that security experts advise IT administrators to patch immediately.
19 'critical' releases in Patch Tuesday
The total of 11 security updates released yesterday is the largest round of Patch Tuesday updates Microsoft has released since last February and should give IT administrators plenty to do to secure their companies' systems. "People are going to be quite busy with this load," said Jason Miller, security data team leader for Shavlik Technologies, a patch-management software provider.
Six of the patches, which can be found on Microsoft's website, are rated as critical, while five are rated as important.
Miller and other security experts cited Microsoft Security Bulletin MS08-045, a Cumulative Security Update for Internet Explorer, as the top priority among this month's batch of updates. The update patches five privately reported vulnerabilities and one that already has been disclosed publicly and for which attack code already exists, which makes it a zero-day flaw.
Don Leatham, director of solutions and strategy for Lumension Security, said the fact that the IE vulnerabilities affect HTML is enough reason to make patching them of the utmost importance, since the opportunity for exploitation is so vast. "Every website in the world uses HTML," he said. Lumension provides patch- and vulnerability-management software and services.
Shavlik's Miller said that the IE patches and another critical update released Tuesday that fixes a vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access - MS08-041 - are related because they both allow an attacker to create a website that takes advantage of these vulnerabilities. He listed them both as priorities for immediate installation.
Leatham also cited the Snapshot Viewer exploit as a high priority for IT administrators because many businesses use Access and its Snapshot Viewer tool extensively.
"You can be assured people are using the viewer to share information with partners, customers and internally given the popularity of the Office suite and how much businesses tend to use Access," he said.
An update that fixes a vulnerability in the Microsoft Windows Image Color Management System - MS08-046 - also should be installed immediately because it could allow an attack if a user navigates to a web page and views a particular graphic, researchers said. The colour-management system is part of the graphical subsystem of Windows.
"Given that [the vulnerability] is web-based and graphical, you definitely want to pay some special attention to that one," Leatham said.





Comments
Squillary said: Beryl, Secunia SI was blocked by Defender prior to this update on a Vista machine, so what you say isn't actually true, nor very clever tbh. Four different solutions - one optional, one good, one not advisable, one alternative. Optional: Defender can be uninstalled from the Control Panel - there are a few alternatives that aren't quite so restrictive but also aren't as good. Good: In Vista (not sure about XP) there's an icon in the notification area (bottom right, near the clock) you can right-click and individually start the programs blocked at boot-up. Inadvisable: In Vista you can turn off UAC (User Access Control) altogether - at the expense of allowing programs to run without you knowing that you don't want. A 4th option is to run Secunia on demand rather than have it load at every boot and stay as a running application at all times. Secunia is unnecessary but very useful - not useful enough to stay resident after it does its job, though.
Beryl Russell said: Since Tuesday's updates Windows Defender is interfering in unacceptable ways. I have 2 programmes in Start-up that it doesn't like and so it blocks them from starting. When I open Windows Defender the option to enable these programmes is greyed over and unusable. I can't find any way of disabling or uninstalling Windows Defender either. I am quite happy with the safety and security of my machine using a Firewall, anti-virus etc I chose to suit myself, which has served me well up to now. It says PC Tools Firewall Plus is unclassified. It does allow it to run though. It blocks Secunia and won't allow it to start at all. When I tried to reboot it tried to stop that action too. This is my PC, not the property of Bill Gates and Microsht, and I'll run what I dn well please on it. How do I uninstall Windows Defender, which I neither want nor need?