Advertisement
Promo

Security threats Toolkit

No Vista patch in Microsoft's updates

Joris Evers CNET News

Published: 14 Feb 2007 10:19 GMT

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

Microsoft on Tuesday released fixes for 20 vulnerabilities in a variety of products including Windows, but none of the operating system flaws affect Vista.

The fixes arrived in a dozen security bulletins, released as part of Microsoft's monthly patch cycle. Six of the alerts were tagged "critical", the company's most serious rating. These flaws could enable an attacker to gain complete control over a vulnerable computer with no action, or minor action, on the part of the user, Microsoft warned.

The critical vulnerabilities are in Windows, Internet Explorer, Office and in Microsoft security tools such as Windows Live OneCare and Windows Defender. None of the Windows or Office flaws affect Vista or Office 2007, Microsoft's latest updates. However, Windows Defender ships as part of Vista, so the new operating system is at risk from that direction.

Microsoft used its February patch day to clear a backlog of "zero-day" flaws, or security holes that have been publicly disclosed but not fixed. Seven of the 20 vulnerabilities addressed by Tuesday's bulletins were zero-days, and five of those were in Office applications. Microsoft planned to issue patches for the Office zero-day bugs last month, but postponed their delivery.

Most of the Patch Tuesday flaws are only potentially harmful if people with vulnerable PCs visit a malicious website or open an infected document. For example, the Microsoft security tools could be compromised when they scan a rigged PDF file, according to the company's advisory.

The updates will be pushed out to Windows PCs that have enabled Automatic Updates. They are also available for manual download from Microsoft's website.

  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with EPSON

Did you find this article useful?
15 out of 15 people found this useful


In association with Network Liberation Movement

Talkback

Post a comment


Full Talkback thread

0 comments

Related Links

More In Security threats


Company/Topic Alerts

Create a new alert from the list below:





Related BlackBerry Resources

Protecting the BlackBerry Device Platform Against Malware

BlackBerry Devices with Bluetooth - Security Overview

BlackBerry Enterprise Server IT Policy

BlackBerry Enterprise Solution - Security Technical Overview

BlackBerry Enterprise Solution and RSA SecurID

CIO's Guide to Mobile Security

See All White Papers

Video icon

Video

Sentry Posts Blog

Authentication risks all too human

Risks to successful online banking identification and authentication using smartcards involve a mixture of human and technological factors, according to the European Network and Information... More

1 comment

Opera censors Chinese content

Opera has updated the Chinese version of its mobile browser to stop users accessing restricted content. Opera Mini was updated on Friday from an international to a Chinese version,... More

2 comments

Symantec website breached

Security company Symantec has said that one of its websites was successfully breached. Romanian security researcher 'Unu' posted details of the breach in a blog post on Monday. Unu... More

Post a comment


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters