Microsoft hit again with five critical updates

Stan Beer
Wednesday, 15 November 2006 08:47

Your IT - Home IT

It's that time of the month again and this Patch Tuesday, November 14 2006, Microsoft has managed to escape with a relatively small number of vulnerabilities to patch. However, the bad news is that of the six reported flaws, five were rated critical, which basically means that unlucky users just have to be logged on to unwittingly hand over control of their computers to attackers.

Of the five critical vulnerabilities, three were in the Windows XP operating system, including SP2, one was in the Internet Explorer browser (but not IE7) and one was a vulnerability in the Microsoft XML Core Services used by developers.

Critical vulnerabilities, if exploited can be a user's worst nightmare. According to Microsoft's own words, an attacker exploiting a critical vulnerability can take complete control of an affected system. This would enable the attacker to install programs; view, change, or delete data; or create new accounts with full user rights.

Users are particularly vulnerable to critical flaws if logged on with administrative user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights, according to Microsoft.

The problem is that with all versions of Windows up to XP, most users by default give themselves administrative rights in order to do the things that everyone is afraid remote attackers will do. Linux and other Unix derivatives, such as Apple OS X, impose a far more stringent permissions based regime on users, requiring them to enter passwords in order to do tasks like install software.

With Vista, Microsoft has moved to emulate the security regime of the Unix and Linux world.