* Microsoft releases its biggest patch
* Includes fixes on Windows 7, week before launch (Adds background, analyst quote)
SEATTLE, Oct 13 (Reuters) - Microsoft Corp (MSFT.O) issued its biggest software patch on record on Tuesday to fix a range of security issues in its programs, including the yet to be released Windows 7 operating system.
In a monthly update sent to users of its software, Microsoft released 13 security bulletins, or patches, to address 34 vulnerabilities it identified across its Windows, Internet Explorer, Silverlight, Office and other products.
It said six of the patches were high priority and should be deployed immediately. The patches -- which update software to write over glitches -- are designed to protect users from hackers or malicious software downloaded from the Internet.
Several of the patches affect Windows 7, the software maker's new operating system, which will be officially unveiled next week, but has been widely used in test versions.
Such an early sign of security issues on Windows 7 is potentially worrisome for Microsoft, which is hoping its new operating system will erase bad feelings among many customers who bought the predecessor, Vista.
A Microsoft spokesperson could not immediately say whether the company had identified further security problems with Windows 7. The company generally does not disclose such problems until it has patches available.
The vulnerabilities in Windows 7, including the risk of having a PC taken over by a hacker, were serious flaws, but to be expected, according to Dave Marcus, senior researcher at software security firm McAfee Inc (MFE.N).
"As long as human beings are writing code there are always going to be vulnerabilities," he said.
Tuesday's update included the largest number of patches to be issued on a single day by Microsoft.
Corporate users will need to test the patches before they deploy them to make sure they do not cause machines to crash because of compatibility issues with existing software. (Reporting by Bill Rigby and Jim Finkle; editing by Carol Bishopric and Andre Grenon)
Windows 7 Security Holes Plugged in Massive Microsoft Patch Tuesday :
Microsoft releases its biggest Patch Tuesday update ever, bundling fixes for 34 vulnerabilities in a baker's dozen of security bulletins. Most of the bulletins deal with security issues in Windows, including six bulletins affecting Windows 7.
Microsoft issued a massive Patch Tuesday update Oct. 13 to address 34 vulnerabilities across its products.
The vulnerabilities are covered by 13 security bulletins, and span Microsoft Windows, Internet Explorer, Office, Silverlight, Forefront, Developer Tools and SQL Server. Eight of the bulletins were given a critical rating, Microsoft's highest severity classification.
To read about how Microsoft Security Essentials could benefit businesses, click here
.
Microsoft says:
Microsoft said that eight of the bulletins were rated as critical - the most serious sort of vulnerability.
The security patches will close loopholes in many different programs including different editions of Windows, Internet Explorer and some elements of Office.
One update, rated as critical, tackles a loophole in Internet Explorer 8 running under Windows 7. The next version of Microsoft's operating system is due to be released on 22 October.
Most people will get the updates automatically but links to download them can also be found on Microsoft's security pages. Once applied to a PC, the machine will need to be re-started before the fixes take effect.
In a blog posting giving an outline of the updates, Jerry Bryant, a Microsoft security expert, said two of the fixes were for problems flagged up in earlier advisories.
One of those loopholes, for the File Transfer Protocol (FTP) bundled in with Microsoft's Internet Information Server, is already being exploited by some hi-tech criminals.
Windows is by far the most popular target for cyber criminals and the vast majority of the millions of malicious programs, including worms and trojans, are aimed at the operating system.
Prior to the bumper October security update, Microsoft's biggest ever update was released in June 2009. That package of 10 fixes tackled 31 vulnerabilities.
Microsoft typically issues its updates on the second Tuesday of every month. It started this regular monthly update system in late 2003.
No comments:
Post a Comment
plzz do comment