Threat Center Security News Microsoft releases 21 patches
Microsoft releases 21 patches Print E-mail
Written by Rebecca Mints   
Thursday, 16 April 2009 00:47

It's been a busy week for Microsoft Corporation's security team and all of its hardwork paid off when Patch Tuesday arrived, which, all in all, fixed a total of 21 vulnerabilities found in Microsoft's software products.

Among the security updates long awaited by Microsoft users is the patch for WordPad and Office Text Converter remote code execution vulnerability. This flaw is triggered when a specially crafted file is opened in WordPad or Microsoft Office Word.

Ten other vulnerabilities categorized as critical by Microsoft have already been patched with the latest update, including six issues found in Internet Explorer early this year.

Another serious vulnerability that was resolved is found in Windows HTTP Services. In the Microsoft Security Bulletin summary, it was mentioned that one publicly disclosed vulnerability and two privately reported vulnerabilities in WinHTTP could allow remote code execution. This means that an attacker who successfully exploited this vulnerability could take complete control of an affected system and install programs, view or delete data and create new accounts with full user rights.

Other issues that were resolved include vulnerabilities in MS Excel that could cause remote code execution, in Windows that could allow elevation of privilege and six vulnerabilities in Internet Explorer.

Meanwhile, the Microsoft Security Response Team gave explanation in a blog post on why it released updates for issues that are already a year old.

Defending this move as 'the right thing to do', the MSRT said Microsoft digs deeper to make sure all flaws are covered and not just fix one flaw.

“If we find, at the 11th hour, an application compatibility issue that breaks third party software, do we ship anyway because we don't want to get bad press?” the team said.

“I will say that we will do the right thing for our customers; we will dig deeper; we will hold a low quality update; and we will release an update when it is ready for broad distribution; no sooner or no later,” they added.



WTW Threat Level