Quantcast
Subscribe to magazine

Details on Today's Microsoft Patches

Monthly security updates include IE, Windows Media, and Visual Studio fixes.

Robert McMillan, IDG News Service

  • 0 Yes
  • 0 No

Microsoft today rolled out its monthly security updates for December, patching critical flaws in Internet Explorer, Windows Media Format, and the Visual Studio 2005 development software.

The seven security patches address 11 bugs, including two in the Windows Media Player software. However, no fixes were provided for two Microsoft Word flaws that have been used in a small number of attacks over the past week.

Media Player Patch Added

Microsoft had said it would release only six patches on Tuesday, but the company added the Windows Media Format update at the last minute after reports of attacks based on this vulnerability began surfacing. The Windows Media Format is used by Microsoft's Windows Media Player software.

In late November security vendors warned that a buffer overflow error could occur when the Windows Media Player processed ".asx" (Advanced Stream Redirector) media files, meaning that users would first need to be tricked into opening a malicious media file for the attack to work.

In its update Tuesday, Microsoft also patched a similar bug in the way the media player processes ".asf" (Advanced Systems Format) files.

IE Patch Details

The Internet Explorer patch fixes four bugs. It is also rated critical, and is noteworthy because some of these bugs will probably begin to be exploited by hackers by week's end, says Gunter Ollmann, director of IBM Internet Security Systems' X-Force threat analysis service.

Enterprise administrators should also pay close attention to an SNMP (Simple Network Monitoring Protocol) patch also issued today, Ollmann says.

Microsoft has rated this patch as important rather than critical because SNMP is normally blocked at the firewall and turned off by default on Windows systems. However, it is widely deployed as part of the network monitoring infrastructure in the enterprise, and is often used on critical servers, Ollmann says.

Ollmann believes this SNMP patch is the "most important" update for enterprise customers.

"Since the service is widely deployed in the enterprise and since it's commonly deployed on servers, we think this would be an important attack vector for enterprises," he says.

Visual Studio Patch

The remaining updates include a critical fix for Visual Studio 2005 and important updates for Windows and Outlook Express, Microsoft said.

Microsoft defines critical flaws as bugs that could allow the propagation of an Internet worm without any action on the part of the victim.

The company's next security updates are due January 9.

  • Recommend this story?
  • 0 Yes
    0 No

"Details on Today's Microsoft Patches" Comments

Related Software Articles

More Related Software Articles
  • Myth of the Million Dollar Database Think only the big boys can afford the best database solutions? Think again. Learn about low cost systems that have proven time and time again to outperform legacy UNIX vendors on a dollar for dollar basis.
  • The Future Sales Force - A Consultative Approach This white paper discusses the challenges of selling complex products and services, and the new skill sets sales professionals must employ in today's evolving market.

PC World's Marketplace

PC World's Free Whitepapers

Name City
Address 1 State Zip
Address 2 E-mail (optional)