Microsoft Issues 10 Fixes for Security Flaws

From Associated Press

Microsoft Corp. released 10 security fixes for various products Tuesday, including seven that fix flaws the company said posed the highest threat to users.

The patches apply to a variety of products, including some versions of Microsoft’s Windows operating system and server software, its Internet Explorer Web browser and its Excel spreadsheet program.

The seven most important flaws could allow an attacker to take control of a user’s computer, and the three others, deemed “important” -- the second-highest rating -- pose less of a threat.


The Redmond, Wash., software giant also rereleased a patch it put out last month because of problems with the fix and with the company’s massive new security update for the latest version of Windows, which is called Service Pack 2.

The patch aimed to fix a flaw that could allow an attacker to infiltrate a computer if the user viewed a specially crafted image in the popular JPEG format.

Stephen Toulouse, a security program manager at Microsoft, said people who had Service Pack 2 and were also using Office XP didn’t receive the update correctly because of a problem with the installer.

The slew of security updates comes just months after Microsoft released Service Pack 2, which aimed to address security concerns that have dogged Microsoft’s ubiquitous Windows operating system.

Users who have downloaded Service Pack 2 will need only one of the new patches, to fix a component of the Internet Explorer browser.

Oliver Friedrichs, a senior manager at security software firm Symantec Corp., said some of the vulnerabilities, if exploited, could allow an attacker to take control of a person’s computer even if the person just looked at an e-mail or viewed a website containing a malicious file. Other vulnerabilities require more action on the user’s part, he said, such as opening a file.


The sheer volume of updates could pose problems for businesses grappling to get them all installed in time to prevent attacks, Friedrichs said. Many companies first test the fixes to make sure they don’t interfere with other applications.