Slashdot Mirror


Microsoft Patches 19 Flaws, 6 in Vista

Cheesy Balogna writes "Microsoft has just released seven advisories — all rated critical — with patches for at least 19 vulnerabilities affecting the Windows operating system, the widely deployed Office productivity suite and the dominant Internet Explorer browser. Six of the 19 vulnerabilities affect Windows Vista. 'There are patches for 7 different vulnerabilities that could lead to code execution attacks against Word, Excel and Office. Users of Microsoft Exchange are also urged to pay attention to one of the critical bulletins, which cover 4 different flaws. A cumulative IE update addresses six potentially dangerous bugs. There are the six that apply to IE 7 on Windows Vista. The last bulletin in this month's batch applies to CAPICOM (Cryptographic API Component Object Model) and could also put users at risk of complete system hijack attacks.'"

3 of 307 comments

  1. Changes Default Browser by Anonymous Coward · · Score: 5, Interesting

    I used Microsoft Update to download and install the new patches last night. Lo and behold, upon reboot, Mozilla Firefox was no longer my default browser. It appears one of the new patches resets Internet Explorer as the default browser. Easy enough to fix, but why would a patch change a system's default browser in the first place?

  2. Cure the disease and lose the patient by CyberVenom · · Score: 5, Interesting

    When Microsoft releases "critical" patches like this, one of the primary motivations for users, home and business alike, to apply the patches is fear of loss of data if their computer falls victim to one of the new exploits. To "help" users keep their systems up to date, Microsoft has provided the Automatic Update tool. Formerly this tool would insistently prompt the user to reboot once updates had been installed. Recently, however, the tool has taken to rebooting computers of its own volition if it is unable to elicit a user response to its prompting within 5 minutes. What's the big deal? Well, let's say you have just typed up a nice email but want to add a couple more points to it before sending it off, but you have to walk away from the computer for a while. (coffee break, etc.) And when you come back 6 minutes later you find that Windows has terminated all your open programs, lost your email, rebooted, and is now happily chiding away to itself in a little speech bubble about some new updates having been installed. Well, that's fine - install your damn updates, but either do it without destroying my work or wait until I give you permission!
    (yes, I lost an email I was writing last night because of this and I'm still a bit sore...)

  3. Did they fix the cltreq.asp query nonsense? by Medievalist · · Score: 5, Interesting

    People running Apache are starting to see this junk in their logs:

    GET /_vti_bin/owssvr.dll?UL=1&ACT=4&BUILD=2614&STRMVER=4&CAPREQ=0 HTTP/1.1
    GET /MSOffice/cltreq.asp?UL=1&ACT=4&BUILD=2614&STRMVER=4&CAPREQ=0 HTTP/1.1

    This noise gets spewed at websites by IE if you load the latest version of Microsoft Office and turn on the discussion bar "feature".

    You'd think sending these GETS to every single web site visited would be unnecessary (since IE can tell if it's connected to IIS, and only IIS is going to have cltreq.asp installed).

    I'm guessing they didn't fix that one?
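
Added example, not part of the comment above or of the original page: a log-triage sketch that separates the two discussion-bar requests quoted in that comment from the rest of an Apache access log, so the resulting 404s do not bury entries that deserve review. The sample log lines, addresses and function names are constructed for illustration, and the case-insensitive path match is an assumption.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Paths and query keys copied from the two requests quoted in the comment.
# Paths are compared lower-cased (assumption: clients may vary the case).
PROBE_PATHS = {"/_vti_bin/owssvr.dll", "/msoffice/cltreq.asp"}
PROBE_KEYS = {"UL", "ACT", "BUILD", "STRMVER", "CAPREQ"}

# Apache common/combined log format: host ident user [time] "request" status size
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)

def classify(line):
    """Return (host, build, status) for a discussion-bar probe, else None."""
    m = LINE_RE.match(line)
    if not m or m["method"] != "GET":
        return None
    url = urlsplit(m["target"])
    if url.path.lower() not in PROBE_PATHS:
        return None
    query = parse_qs(url.query, keep_blank_values=True)
    # Require the full parameter set so other requests for the same
    # path stay in the review pile instead of being written off as noise.
    if not PROBE_KEYS.issubset(query):
        return None
    return m["host"], query["BUILD"][0], int(m["status"])

def summarize(lines):
    """Return (probe count per client, lines that still need review)."""
    probes, remaining = Counter(), []
    for line in lines:
        hit = classify(line)
        if hit:
            probes[hit[0]] += 1
        else:
            remaining.append(line)
    return probes, remaining

# Constructed sample log using documentation-range addresses, not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2000:09:14:01 +0000] "GET /index.html HTTP/1.1" 200 5120',
    '192.0.2.10 - - [01/Jan/2000:09:14:02 +0000] "GET /_vti_bin/owssvr.dll?UL=1&ACT=4&BUILD=2614&STRMVER=4&CAPREQ=0 HTTP/1.1" 404 209',
    '192.0.2.10 - - [01/Jan/2000:09:14:02 +0000] "GET /MSOffice/cltreq.asp?UL=1&ACT=4&BUILD=2614&STRMVER=4&CAPREQ=0 HTTP/1.1" 404 209',
    '198.51.100.7 - - [01/Jan/2000:09:20:40 +0000] "GET /MSOffice/cltreq.asp?UL=1 HTTP/1.1" 404 209',
]

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```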