No wonder 'bot armies' are so large

Posted: 14-Feb-2007 10:02

It's Patch Tuesday (or Patch Wednesday for us in the antipodes) again. My Windows Server 2003 SP1 box wants eight updates, six of which are security patches, plus the Windows Malicious Software Removal Tool and a Daylight Savings Time fix.

The XP SP2 box with Office installed gets twelve high-priority updates. Looking through the February 2007 Microsoft Security Bulletin I count nine patches to sort out remote code execution in some form, with six marked as Critical. All in all, around twenty megabytes' worth of patches.

It appears the Help HTML ActiveX control can be compromised remotely, but the Big Fat Irony Award goes to KB932135. This hole in Microsoft's Malware Protection Engine allows remote code execution, and the issue affects all security products like OneCare, Defender, Antigen and Forefront for Exchange. That's irrespective of the operating system as well, so running Vista ain't going to save your bacon.

In other words, running Microsoft's security software could open your systems for cracking. That has got to be embarrassing for Microsoft and provides security bods with ample opportunities to shout "told you so! Redmond didn't learn the lesson from last time, which is to stay out of the security software business."

There's also a cumulative security update for Internet Explorer, versions 5, 6 and 7. That's an odd one, and shows that Microsoft didn't rewrite IE7 as much as it first seemed. However, there are clearly some improvements as the updates are only marked as Important for XP SP2 with IE7 and Low for Windows Server 2003 SP1/IE7.

Either way, get patching. You don't want to be involuntarily drafted into the ever-increasing bot armies.

Update: My XP SP2 laptop, which is running IE7 and MS Office 2003, picked up no fewer than seventeen (17) patches. Vista 32-bit has only five here, none of them critical (Defender definitions update, the Malicious Software Removal Tool, Windows Mail and Office 2007 junk mail filter update plus the DreamScene Vista Ultimate Extras preview). Interesting.



Content copyright © Juha Saarinen. If you wish to use the content of my blog on your site, please contact me for details. I'm usually happy to share my material as long as it's not for spamblogs and content farms. Please attribute with a link back to this blog. If you wish to advertise on my blog, please drop me an email to discuss the details.