Microsoft’s Patch Tuesday Churns out Security Fixes
Microsoft’s Patch Tuesday Churns out Security Fixes
December 12, 2007: It’s Patch Tuesday, meaning it is that fateful day of Microsoft patch releases which has been known to cause headaches for IT departments and celebrations for end users who get to see their issues patched up.
The December Security Update has been officially released by Microsoft and includes a variety of different vulnerability fixes. Several of the weaknesses being fixed relate to remote code execution flaws, which would allow the running of foreign programs and even the ability to completely take over your system.
The patch has remote code execution fixes for DirectX, Windows Media, Internet Explorer, SMBv2 and the Windows Message Queuing Service. There were also updates to the Windows Kernel and a Macrovision driver which would allow an elevation of system privileges for an attack trying to break into your system.
The Christmas period is an intensive time in the world of internet security, as there’s an increased volume of online financial transactions during the holiday period which escalates any threat. Security firms such as Messagelabs are also churning out their annual threat reports and forecasting what is on the horizon for 2008.
"2007 will be a memorable year for the security industry for many reasons. With consumers handing cyber criminals their personal details through social networking sites and the Storm botnet literally taking the market by storm, it has been an attention-grabbing twelve months,” said Mark Sunner, Chief Security Analyst, MessageLabs. “Although targeted attacks seem to be high on the threat agenda, the war between businesses and the bad guys significantly heightened in 2007 as new threats appeared from every angle and on every communications channel. If 2008 is as frenzied as this year, businesses need to prepare for battle and ensure they have their protection in place.”
Patch Tuesday actually serves to remind us that your operating system software needs to be kept up to date, not just your security software as new vulnerabilities are being discovered much faster then they can be patched.