Skip to Content
MIT Technology Review
  • Featured
  • Topics
  • Newsletters
  • Events
  • Podcasts
    • Sign in

    Microsoft issues 9 security patches, including 6 ‘critical’; many plug Web holes

    August 14, 2007

    SEATTLE (AP) – Microsoft Corp. issued fixes for nine security flaws, including four meant to keep hackers from breaking into computers through Web pages, during a regularly scheduled update Tuesday.

    Microsoft gave the four Web browsing-related patches its most severe ”critical” rating. The updates affect many versions of Windows, Server and Office software – including Windows XP and Windows Vista – and are meant to prevent hackers from breaking into Web surfers’ computers using specially crafted Web pages.

    The other two critical updates target holes in the Excel spreadsheet program and in technology that lets users see downloaded images from e-mails or social networking Web sites.

    Microsoft assigned the second-highest ”important” rating to three security updates.

    Although the software maker has said Windows Vista, which became available to consumers in January, is its most secure operating system ever, one of the important patches Tuesday fixes a hole in ”gadgets” – small software applications – that deliver Really Simple Syndication, or RSS, feeds to the desktop.

    Users who subscribe to a malicious RSS feed, add a malicious contact file or click on a malicious weather link could open the door for an attacker to run code on their systems, according to Microsoft’s security bulletin.

    The other important patches plug holes in Windows Media Player and in programs that let users run more than one ”virtual” computer from inside a single hardware setup.

    Amol Sarwate, manager of the vulnerability research lab run by security company Qualys Inc., said hackers are increasingly looking to the Web for ways to attack regular users’ computers.

    ”What we have today is the new frontier of Web-based attacks with image files, media player skins, gadgets” and other entry points, Sarwate said.

    Sarwate said information technology staff at big companies have grown more savvy about security measures when running server applications. So instead, Sarwate said, attackers are looking to capitalize on average computer users’ ignorance about security to break in and install programs that can steal passwords and credit card numbers.

    Windows users can visit Microsoft’s security Web site to get the updates, or configure their computers to automatically update each month.

    ——

    On the Net:

    http://www.microsoft.com/security

    Keep Reading

    Most Popular

    This startup wants to copy you into an embryo for organ harvesting

    With plans to create realistic synthetic embryos, grown in jars, Renewal Bio is on a journey to the horizon of science and ethics.

    VR is as good as psychedelics at helping people reach transcendence

    On key metrics, a VR experience elicited a response indistinguishable from subjects who took medium doses of LSD or magic mushrooms.

    This artist is dominating AI-generated art. And he’s not happy about it.

    Greg Rutkowski is a more popular prompt than Picasso.

    This nanoparticle could be the key to a universal covid vaccine

    Ending the covid pandemic might well require a vaccine that protects against any new strains. Researchers may have found a strategy that will work.

    Stay connected

    Illustration by Rose Wong

    Get the latest updates from
    MIT Technology Review

    Discover special offers, top stories, upcoming events, and more.

    Thank you for submitting your email!

    Explore more newsletters

    It looks like something went wrong.

    We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.