Microsoft - “Oops we did it again” 6 More Critical Security Vulnerabilities’
The newest patch from Microsoft appears to b a Mac vs. PC commercial in the making. Don’t be surprised if the next mocking ad from Mac addresses the 900 million people affected by Microsoft’s most recent security patch. The name of the release, Patch “Tuesday” which sounds more like an Irish celebration than a critical software patch, but then again maybe Microsoft was trying to lighten the mood.
The new patch release deals with 22 issues – 6 of them deemed critical (the higher security issue ranking Microsoft has). Another 9 were ranked as ‘Important’ (details).
With the onslaught of patches, fixes, security loop holes and virus vulnerabilities from Microsoft it seems almost ridiculous that they still currently hold about 90% of OS market share with their Windows product line. Given that this new fix will be difficult for administrators and IT managers to implement (due to a necessary reboot of all systems after the patching is completed) then perhaps this might be the kick in the butt that some MS shops need to explore other operating systems like the ever-increasing-in-popularity Mac OS and open source Linux.
Some of the most severe of the critical fixes are:
- A Graphics Rendering Flaw: There is a loophole in Microsoft’s graphics rendering processes that could allow malware to enter the system via a booby-trapped image. Without installing the fix users will be vulnerable to opening website thumbnails, email attachments, and even Word or PowerPoint attachments and images.
- Internet Explorer Cascading Style Sheets: The other serious vulnerability comes via IE and its CSS. Through this vulnerability a user can have their system compromised or overtaken by clicking on a malicious link.
And in completely unrelated MS PR there is a major flaw in Windows Phone 7 that causes the system to eat up user’s data plans, either maxing them out or running up charges. Microsoft has pointed the finger at Yahoo! Mail on this one, and the two have jointly released a manual fix that can be used while they come up with a more permanent solution. Sounds like MS was to busy creating the Patch Tuesday for Windows to deal with Windows Phone 7 errors.