Quantcast
PCWorld.com is upgrading some back-end systems. Some site features, such as user registration, may be temporarily unavailable.
Subscribe to magazine

Microsoft Readies a Dozen Patches

Tuesday update will patch Word bug, change how IE handles ActiveX controls.

Robert McMillan, IDG News Service

  • 0 Yes
  • 0 No

Windows administrators will be busy next week, as Microsoft plans to release a whopping 12 security patches for its products. The updates will include a fix for a widely reported vulnerability in Microsoft Word, as well as changes to the way Internet Explorer handles ActiveX that might cause headaches for some.

Nine of the patches will address vulnerabilities in the Windows operating system, some of which Microsoft rates critical, according to the security bulletin about the patches. There will also be one "Important" fix for Microsoft Exchange, and two patches for Microsoft Office, including software that repairs the Word bug.

Word Hole Targeted

In May, hackers began e-mailing the Word malware to a handful of victims--mostly within government agencies or contractors--in a series of extremely targeted attacks, said Johannes Ullrich, chief research officer at the SANS Institute.

But as knowledge of the Word flaw has spread, researchers like Ullrich fear that it may be used in a more widespread attack. The vulnerability can be exploited to run unauthorized software on PCs, although users must first be first tricked into opening a maliciously encoded Word document.

Microsoft also plans to finalize changes to the way IE processes dynamic content using ActiveX. Microsoft is changing the way IE works in response to a 2003 patent lawsuit loss to the University of California and Eolas Technologies.

The changes will force developers to reprogram parts of their Web sites and intranets. Otherwise, IE will force users to click on a pop-up "tool tip" dialog box before being able to interact with things like Flash or QuickTime.

Time to Update

Microsoft has actually been rolling these changes into IE for months, but has offered users a "compatibility patch" that allowed IE to work on Web sites that had not been reprogrammed. With Tuesday's updates, though, there will be no way to avoid the ActiveX changes.

The biggest headache, however, will come from the sheer number of updates being released Tuesday, said Susan Bradley, chief technology officer with Tamiyasu, Smith, Horn and Braun, Accountancy.

Complicating matters is the fact that these patches will be released in the middle of Microsoft's Tech-Ed user conference.

"I'll be at Tech-Ed in Boston and deciding if I remotely patch over the weekend or not," Bradley said via e-mail.

  • Recommend this story?
  • 0 Yes
    0 No

"Microsoft Readies a Dozen Patches" Comments

 

Featured APC Accessories

  • APC Back-UPS ES Safeguards your equipment from damaging surges and spikes that travel along your utility & data lines.
  • APC SurgeArrest Performance Highest level of protection for your professional computers, electronics and connected devices, as well as provides surge protection.

People who read this also read:

Sponsored Links