June 4, 2009 12:33 PM PDT

Microsoft to plug holes in Windows, IE, Word, Office, and Excel

by Elinor Mills

Updated 3:30 p.m. PDT with Adobe update due on Tuesday.

Microsoft will release 10 security updates on Patch Tuesday next week, including critical patches for holes in Windows, Internet Explorer, Word, Office, and Excel.

In addition, Adobe said it will provide security updates for Adobe Reader and Acrobat versions 7.x, 8.x, and 9.x for Windows and Macintosh on Tuesday in its first quarterly security update for its popular software for creating and reading PDF files. The critical update will be detailed on Adobe's security bulletin site.

Meanwhile, the six critical vulnerabilities in Microsoft software could allow an attacker to remotely execute code on a machine, according to the Microsoft security bulletin issued on Thursday.

Three important vulnerabilities in Windows could allow an attacker to elevate privileges and one moderate vulnerability in Windows could enable information disclosure.

Affected products include Windows 2000, XP, XP Professional edition, Vista, Server 2003, Server 2008; Office 2000, 2003, 2007, and XP; and Microsoft Office 2004 and 2008 for the Mac.

Other affected software includes Office Excel Viewer; Office Word Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats; Works 8.5 and 9.0; and Office SharePoint Server.

It's likely the PowerPoint vulnerability is the same one that Microsoft warned about in April and fixed in the Windows version last month.

Missing from the list of patches is one disclosed by Microsoft in its DirectX streaming media technology in Windows last week that could allow someone to take complete control of a computer using a maliciously crafted QuickTime file.

Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press.
by gertruded June 4, 2009 12:52 PM PDT
For how many years now have we had MS patching holes in their software? I am shocked, just shocked that there would be 10 new holes to be patched this week alone after all these years of patching.

You only need the patches if you use Windows on line.
by monkeyfun14 June 4, 2009 1:02 PM PDT
Oh cause Apple and Linux distros never release patches right? Someone better tell them that they don't need those updating frameworks.
by tm_anon June 4, 2009 1:16 PM PDT
@monkeyfun14

The point being made is that after so many years of patching, there are still this many patches coming out.

As for your attempt at a slap in the face for Linux and OS X, I'm using Ubuntu 9.04 right now. Most patches that come through are for the apps, not for the OS. With MS, most patches coming through are for MS products, in case you haven't been paying attention.
by monkeyfun14 June 4, 2009 1:19 PM PDT
@tm_anon


I've never known of any OS that gets to a certain point of perfection; it just hasn't happened yet.

Vulnerabilities are constantly found.

With OSX, with Linux, with Windows.
by michael_j_x June 4, 2009 1:37 PM PDT
@tm_anon
As long as there are new features added, then there will be new holes to be patched. And these are not OS patches, they are app patches, regardless of whether they are from MS or not.
by goodspeed8701 June 4, 2009 1:38 PM PDT
I won't patch Ubuntu even if there are lots of patches that will make me more secure. The fact that no one will care to hack the OS makes it get fewer patches.
by paulej June 4, 2009 2:03 PM PDT
@tm_anon, I disagree with your comment. When Microsoft releases a patch for an OS, it's not necessarily the Kernel (which you're referring to for Linux). Microsoft might be patching DNS or TLS code, and yes new vulnerabilities might be found years later (and certainly were for most DNS deployments last year). I get patches for those parts of Linux from time to time, too. Doing a quick check of the installed packages on a Linux machine here in my office, there are presently 248 packages that have updates available, and those require the installation of 27 new packages. Perhaps I ought not let it go so long, but the fact is this is a server machine that is working and sometimes things break with updates.
by tm_anon June 4, 2009 2:10 PM PDT
Notice I pointed out the difference between the two OS' as being that patches on Windows machines are almost exclusively done for Windows software and Linux patches are almost exclusively other apps.

I never said Linux was 100% perfect nor would I and I don't appreciate the attempt to pervert my comments into something they're not.

I responded to the claim about the OP's comment made by monkeyfun14. By his backhanded question (?) "Oh cause Apple and Linux distros never release patches right?" he was making the claim that the OP had said that Windows gets patched and the others don't.

Perhaps the rest of you should try reading an entire thread and taking all comments in context rather than believing a single poster who has proven to make poor comments quite often.
by tm_anon June 4, 2009 2:23 PM PDT
@paulej

It's fine that you disagree but, just to be sure, are you really trying to compare a Linux server to a MS Windows update for desktops?

@michael_j_x

The patches being rolled out on Patch Tuesday are not all for apps but they are all for MS software. There are the patches for the OS (everyone using those OS' will have to get those or leave fairly massive vulnerabilities on their OS) and there are patches for the productivity software (meaning lots of IT staff will be employed for yet another month updating machines and making sure nothing broke).

My point has never been that Linux doesn't need patches. Notice my comment only came after monkeyfun14 made a very poor attempt to pervert the words of the OP?
by Vegaman_Dan June 4, 2009 2:49 PM PDT
Let's not assume Gertruded is isolating Microsoft as the only OS with issues. The same comments work equally well for other OS's:

"For how many years have we had (MS/Apple/Linux) patching holes in their software? I am shocked, just shocked that there would be 10 new holes to be patched this week alone after all these years of patching."

See? It applies to all OS's. Don't gang up on him because he mentioned only Windows- that happens to be the subject of the article, but the same thing applies to every one of the operating systems or products out there.
by Eddie-c June 4, 2009 3:06 PM PDT
@gertruded: Your initial comment is simply ignorant. Let's look beyond MS/Apple etc to the web itself and JS. After the web explosion there were almost *daily* CERT warnings about JS exploits and how systems can be infected/affected etc, and thus we have all these drive-by/mal-ware installations etc because too many people "have to" create things that are feature-rich, using stuff that has crappy code and thus becomes exploitable, and then patches have to be created.

Caveat: I am, by far, an MS fan-boy or apologist, having supported their stuff in the past.
by saffroncapital June 4, 2009 12:56 PM PDT
Wow... only 10... I'm impressed M$FT managed to get the number of patches down that low... they must be really making progress on improving the quality of their software... Steve Ballmer must really care about users after all....
by tm_anon June 4, 2009 1:17 PM PDT
Or maybe they were all too busy getting Windows 7 out to pay that much attention to anything else.
by lennie22 June 4, 2009 4:20 PM PDT
@saffroncapital, @tm_anon:

at least they're putting out patches......I can't say the same for other OS makers, namely apple who, even after knowing about the vulnerabilities for more than 60 months.
by tm_anon June 4, 2009 6:48 PM PDT
@lennie22

Take a look at which products those came out for, how long has XP been around?

As for length of time exploits are known for, you may want to take a look at the history of MS fixing Windows exploits, both MS and Apple have some dirty little secrets to hide.
by monkeyfun14 June 4, 2009 12:59 PM PDT
Apple = 9% of the users and 95% of the fanboys.
by gertruded June 4, 2009 1:50 PM PDT
There may be lots of people that use Windows, but it is hard to be a fan of the OS. Tolerating is not the same as embracing an OS. A person may have to use Windows for work, may have to use it on their PC for certain applications, but how could someone be a fan of Windows?
by lennie22 June 4, 2009 2:56 PM PDT
@gertruded:

I am a Windows/Microsoft fan....what's wrong with that? don't fool yourself or others, MSFT makes great software.
by ckh1272 June 4, 2009 4:20 PM PDT
And monkeyfun14=.00001% of message posters and 95% of the FUD. See, it's easy to distort the issue to one's liking.
by Jack K1 June 4, 2009 1:26 PM PDT
Apple markets to "fanboys".
by lennie22 June 4, 2009 3:12 PM PDT
lol, someone used a term the other day but I can't remember it, but what I can recall is the description to the term (maybe I'll go Bing it later): the captured feels simpathy/love/ or a sense of belonging to the capturers.....it's an asinine situation but it does happen.
by lennie22 June 4, 2009 3:14 PM PDT
**sympathy**
by lennie22 June 4, 2009 3:28 PM PDT
yup, Bingged it and got it, it's called Stockholm Syndrome
by kcotham June 4, 2009 5:11 PM PDT
@lennie

You "bingged" it? Are you working for Microsoft or one of its advertisers? Or are you just jumping on the "Bing" bandwagon? I think I hate this "bing" as a verb more than "google" as a verb.
by monkeyfun14 June 4, 2009 5:17 PM PDT
@kcotham

You would hate a cure for cancer if Microsoft had anything to do with it.
by ckh1272 June 4, 2009 6:15 PM PDT
"by monkeyfun14 June 4, 2009 5:17 PM PDT
@kcotham

You would hate a cure for cancer if Microsoft had anything to do with it."

The same could be said about you when it comes to Apple.
by tm_anon June 4, 2009 10:45 PM PDT
@lennie22

Funny since MS is the captor for many of the world's computer users and yet it still has so many fanboys.
by Vegaman_Dan June 4, 2009 2:49 PM PDT
Product updates are good regardless of OS.
by lennie22 June 4, 2009 4:13 PM PDT
if MSFT doesn't release any patches, they complain. If MSFT releases patches they still complain, I mean what is wrong with these people? I mean, if you use linux, go ahead and use linux, if it's OSx then use your OSx, us Windows users are not laughing at how long it takes your OS company to actually release updates. The thing is MSFT actually has a lower average patch release date than does apple with its software....if I remember correctly; from vulnerability discovery to the date patch sent out to users, MSFT is about 40 something days, while Apple is 163 days (if I'm wrong someone correct me with actual evidence please).

The other day a huge vulnerability popped up in the Java runtime in Windows, Linux and OSx....the Windows vuln. has been patched but the flaw is still open in OSx and the only way to stay safe in OSx is to disable java in the browser and in preference. A lot of Mac users downplayed the vuln as if it was nothing, some even said "who uses java in the browser anyway?" well, I and almost everyone I know use Java in the browser all the time, it would be a major inconvenience if I had to disable it. I know if it was only a windows problem the macheads would blow it through the roof.


I applaud MSFT for sending out patches at the quickness they do. however, it's really a shame that people are getting on their case for doing so.
by lennie22 June 4, 2009 4:15 PM PDT
http://www.bing.com/search?q=java+vulnerability+windows+os+x&FORM=SSRE

that's a link to the articles about the problem, the second link is to a Cnet article about it too.
by gertruded June 4, 2009 4:24 PM PDT
eddie-c, ignorant huh. We can and should disagree without being disagreeable and call each other names and attack their character. You never know for sure who is behind the internet handles.
by lennie22 June 4, 2009 4:41 PM PDT
you had nothing to say in response to his comment but this? and in fact, it was an ignorant comment you made at the top of the comment section.

taken from the webster dictionary online
ignorant: A) lacking knowledge or comprehension of the thing specified, B) resulting from or showing lack of knowledge or intelligence.

however, unless your comment was that of sarcasm then I take back this and the reply to your comment at the top. and next time if you intend to leave a sarcastic comment please leave a sarcasm tag below it or before it. thanks. because reading something is not the same as hearing something.
by tm_anon June 4, 2009 6:50 PM PDT
@lennie22

Grow up.
by gertruded June 4, 2009 7:17 PM PDT
Oh lennie22, it is so easy to be nasty when hiding behind a handle on the internet. It is the arrogance of MS people that will end in the downfall of MS.

Of course it was sarcasm. Belittling people is a signature of MS people on this board and others whenever MS is criticized. Apparently only Windows people can have professional experience and be knowledgeable.
by monkeyfun14 June 4, 2009 9:18 PM PDT
@gertruded

Let me fix that for you.


it is so easy to be nasty when hiding behind a handle on the internet. It is the arrogance of Apple people that will end in the downfall of Apple.

Of course it was sarcasm. Belittling people is a signature of Apple people on this board and others whenever Apple is criticized. Apparently only OSX people can have professional experience and be knowledgeable.


The majority of the people who act ignorant around here are Apple users thinking that OSX is god's gift to earth. In fact you were the one who started the argument in the first damn place.
by tm_anon June 4, 2009 10:48 PM PDT
@monkeyfun14

Let me fix that the right way for you.

It's the arrogance of people that will lead to the downfall of mankind. Doesn't matter what OS you use, if you're a prick, you're a prick.

I've kept up with the comments on this Blog, it's pretty easy to see who the pricks are around here.
by lennie22 June 5, 2009 9:49 AM PDT
@tm_anon:

namely you right? anyways, I'm not going to go into any name callings with you...if you don't have anything relevant to say then don't say anything.....
by DrtyDogg June 5, 2009 3:00 PM PDT
@tm_anon: That is the first comment of yours that is 100% correct.
by shellcodes_coder June 4, 2009 7:23 PM PDT
Do they still release patches for Win 200? I thought they had stopped doing so.
by DOTA AllMoons June 5, 2009 1:45 AM PDT
what the hell are apple fanboys commenting about?? i thought this was supposed to be an article of office and ie patches..
by hassan_bin_sober June 5, 2009 9:49 AM PDT
I can think of another hole they could plug!
by i_sam June 5, 2009 10:12 AM PDT
This is why we have Firefox, Open Office, etc.
by Breezy1601 June 5, 2009 10:38 AM PDT
These damn reports are next to useless. Be a real reporter and please tell us the basic area of vulnerability such as where the vulnerabilities are. For instance .. VB for apps, ActiveX, Win script, vb in PDFs, etc. That would actually provide some useful input as to what to disable in the meantime.

There will always be security holes in any scripting that MS just lets do whatever it wants. This doesn't happen in Java. Its actions are restricted. MS doesn't have the brains to do this with their scripting languages .. if you can even call them that.
by Hokulea June 5, 2009 12:39 PM PDT
My dog is smarter than your dog!

After mastering the slide rule, I wrote my first lines of code in FORTRAN on a teletype machine at my high school. During the 80's I used a Timex/Sinclair, IBM XT and AT, as well as a Commodore 64. In the mid 90's I used a Mac Classic for four years before picking up a second hand Gateway PC running Windows 3.11.

Since then I have owned various PC's running MS OS's from Win 95, Win 98 SE, Win ME, Win 2k, XP Pro, to Vista x64. I run Xubuntu on an old laptop that I resurrected. Ever tried to get an old wireless card to work in Linux? It's a challenge.

I don't believe MS is evil or that Apple is a knight in brushed aluminum. Neither is Linux a barefoot Johnny Appleseed that's going to convert us all to open source. I choose to own Windows based PC's because they offer a good value when it comes to cost vs. performance and there's a wide variety of software applications available for the platform.

I happen to like Vista, especially the x64 version. I don't find UAC to be obtrusive or annoying. However, I didn't migrate to Vista when it first came out because I've been around the block enough times to realize that the cutting edge is also the bleeding edge. I also prefer MS Office to open source alternatives, though I usually run older versions of Office that are more affordable than the latest and greatest.

I think MS is doing a good job in identifying and patching software vulnerabilities. That hasn't always been the case, but their corporate philosophy has finally come around and placed a greater emphasis on secure computing. Currently MS offers a decent compromise between security and usability.

I have a couple of friends that have over $10K invested in Snap-on tools. They refuse to use anything less. I have one Snap-on screwdriver that cost me $12. It's pretty, but it doesn't work any better than other screwdrivers that cost a fraction of what that one cost. I apply the same philosophy when it comes to my computing needs.

I really don't care what OS the box is running as long as it runs apps that let me do the things I want to do. It mystifies me why people invest thousands of dollars in home computers replete with glowing lights and transparent windows on the sides. What's the point? It's going to be obsolete before the lights burn out.

I'm more concerned with the tactile response of my keyboard and the ergonomics of the mouse I'm using. I also don't like high resolution widescreen monitors. The only thing they're good for is watching media in letterbox format. What I would really like to see, not only with computers but with all the soon to be obsolete electronic gadgets of the month, is better recyclability and a greater use of recycled materials.

While I think it's silly to be sentimental about outmoded technology, I must confess that I do have a collection of slide rules as well as a few manual typewriters tucked away in the closet. What these obsolete technological marvels of their time share in common is that they both require users to have a conceptual grasp of what they are trying to accomplish prior to actual use. Identifying and recovering from errors was a bit more difficult, so it was better to get it right the first time.

Even with supercomputers and computational modeling, airplanes still crash from design defects and spacecraft go awry because of errors in unit conversion. And, we are still using the stupid system of measurement in the USA instead of the metric system. Time to update more than just MS software. It's time to give the boot to some outmoded paradigms and reboot human consciousness. There seems to be too much morality and not enough ethics these days.
by fearghail June 5, 2009 3:55 PM PDT
Blah blah blah, long winded frigtard, and an educated idiot to. My dog doesn't care about your drivel cause he can eat your dog. Before we bobbed his nose and shortened his tail he was an alligator.
by Hokulea June 5, 2009 4:58 PM PDT
My pet raccoon beat up every dog in the neighborhood and he didn't have no edjication to.
by swwastik1992 June 5, 2009 2:40 PM PDT
This is some shocking news for me. I mean Microsoft have been trying this for years. Mac is the way to go people.

by Hokulea June 5, 2009 4:51 PM PDT
April 21, 2006
http://news.cnet.com/2100-1002_3-6063931.html

Dec 12, 2008
http://www.cso.com.au/article/206483/half_2006_vulnerabilities_still_unpatched

May 20, 2009
http://www.h-online.com/security/Exploit-for-unpatched-vulnerability-in-Mac-OS-X-Update--/news/113337

June 5, 2009
http://secunia.com/advisories/product/96/

Try searching on Google for unpatched Apple vulnerabilities. It's as bad if not worse than Microsoft.
by queticomn June 6, 2009 7:35 AM PDT
What else is new? M$ plugging holes in their vulnerable software.

openSuSe linux!
by cjs-8 June 6, 2009 8:06 AM PDT
Kind of sad that a bug in a program can compromise the whole operating system.
I thought operating systems were supposed to be better than that.
by guvenlik-sistemleri July 15, 2009 10:21 AM PDT
Thanks for putting up the information.
