[gui-talk] Tech Alert: Windows Gets Big Security Update

David Andrews dandrews at visi.com
Tue Jun 13 10:32:22 CDT 2006 

Windows gets big security update

One of the biggest security updates for more than 
a year is being released by Microsoft to fix 12 software flaws.

Nine of the updates apply to the Windows 
operating system and one is deemed critical, a 
rating reserved for the most serious security problems.

At least one of the loopholes being patched is 
already being actively exploited by malicious hackers.

Windows users are being urged to download the 
patches as soon as they become available on Tuesday 13 June.

Support shift

Microsoft issues its security patches on the 
second Tuesday of every month and June's update 
will be the biggest for more than a year.

This is because Microsoft is not only tackling 
security problems but also the fallout of a legal 
case that the software giant lost.

         We strongly recommend that those of you 
who are still running these older versions of 
Windows upgrade to a newer, more secure version, 
such as Windows XP SP2, as soon as possible
Microsoft advice
Microsoft gives advance notice of what is in its 
security patches to help companies plan how best 
to install the software and limit the impact on day-to-day business.

While most of the updates apply to Windows, two 
are for the Office suite of products and one for 
the Exchange e-mail server software.

One of the security problems being tackled in 
Office was found in Microsoft's Word software and 
the virus created to exploit it has been dubbed 
Backdoor.Ginwui. The virus and loophole were first discovered in mid-May.

The virus travels in an e-mail bearing a Word 
document that purports to summarise the results of a US-Asia summit.

Legal woes

Another of the updates has come about as a result 
of a courtroom clash between Microsoft and Eolas 
over technology in the Internet Explorer browser. 
The lawsuit ended with a $521m (£283m) judgement against Microsoft.

Microsoft had to re-engineer Internet Explorer to 
stop a technology known as ActiveX automatically 
starting when users visit some websites.

Before now, users could choose to apply this 
change to their browser, but this update makes it mandatory.

At the same time as information about the update 
was being released, Microsoft mentioned that it 
will not be able to patch Windows 98 and ME 
against a loophole discovered in April 2006.

Fixing this bug in the ageing software would 
require a major re-write of the Windows Explorer 
program used in these old copies of the operating system.

Microsoft is not prepared to undertake this work, 
given that all support for Windows 98 and ME ends on 11 July 2006.

On its security blog Microsoft wrote: "We 
strongly recommend that those of you who are 
still running these older versions of Windows 
upgrade to a newer, more secure version, such as 
Windows XP SP2, as soon as possible."
Story from BBC NEWS:
http://news.bbc.co.uk/go/pr/fr/-/2/hi/technology/5071656.stm

Published: 2006/06/13 13:01:53 GMT


David Andrews and white cane Harry.

More information about the gui-talk mailing list