Browser Security News

Today, Microsoft released seven scheduled security bulletins correcting a total of 18 vulnerabilities. The bulletins include:

* Three Office updates, rated Critical
* Two bulletins covering components that ship with Windows, containing flaws rated Critical
* One bulletin about an Internet Information Services (IIS) flaw, rated Important
* One bulletin fixing a low-risk vulnerability in Microsoft’s optional .NET framework (version 2.0).

It looks as though tired Microsoft administrators won’t get any break this month.

The Windows and Office flaws allow remote attackers to execute code, potentially gaining complete control of your desktops and servers. I’d take care of them first. Patch Windows and then Office, in that order. The IIS and .NET Framework 2.0 holes pose less risk. If you haven’t installed these components, don’t worry about these flaws. If you do have IIS, you should apply its patch. However, its flaw involves many mitigating factors that greatly reduce the risk of an attacker successfully exploiting the flaw. You can save that patch until after you fix the Windows and Office issues. Finally, the .NET framework vulnerability presents the least risk of them all. Apply it last, and only if you have installed .NET framework before. WatchGuard Wire: RSS Feed | WatchGuard Technologies, Inc.