Journal Journal: Patch Tuesday - IE7 Clean 75
As per the advance notification, Microsoft's monthly security bulletin, released yesterday addressed five general Windows issues and one in Visual Studio. It also included a fix for a problem in Windows Media Player for a total of seven updates.
As patch Tuesdays go it was fairly unremarkable. The only general Windows update (not counting IE) labelled as 'critical' is for the flaw in Media Player. As usual, there's a cumulative update for Internet Explorer and it does sound quite nasty - there are two critical script-related vulnerabilities and Secunia has already issued an advisory. Significantly, only versions of Internet Explorer versions 5 and 6 are affected. Version 7 is clean - which is welcome news as this is the first round of updates since the upgrade was pushed to world+dog last month as part of Windows Update.
SANS is calling this 'Black Tuesday' and recommends patches be applied urgently for the Visual Studio and Media Player vulnerabilities. The Visual Studio update is for version 2005. SANS indicates that there are already known exploits circulating for the SNMP vulnerability but currently none targetting the latest flaws in IE. However if you really have to use IE I recommend using a metabrowser such as Maxthon, Avant or SlimBrowser. SANS is recommending the Heise Offline Update utility covered in a previous story.
As patch Tuesdays go it was fairly unremarkable. The only general Windows update (not counting IE) labelled as 'critical' is for the flaw in Media Player. As usual, there's a cumulative update for Internet Explorer and it does sound quite nasty - there are two critical script-related vulnerabilities and Secunia has already issued an advisory. Significantly, only versions of Internet Explorer versions 5 and 6 are affected. Version 7 is clean - which is welcome news as this is the first round of updates since the upgrade was pushed to world+dog last month as part of Windows Update.
SANS is calling this 'Black Tuesday' and recommends patches be applied urgently for the Visual Studio and Media Player vulnerabilities. The Visual Studio update is for version 2005. SANS indicates that there are already known exploits circulating for the SNMP vulnerability but currently none targetting the latest flaws in IE. However if you really have to use IE I recommend using a metabrowser such as Maxthon, Avant or SlimBrowser. SANS is recommending the Heise Offline Update utility covered in a previous story.