Home Business IT Security Microsoft's February security updates include a 'non-security update'

Microsoft this week issued a dozen security bulletins addressing 22 vulnerabilities in Windows, Internet Explorer, Internet Information Service and Internet Explorer. The company also released a so-called non-security update that has everything to do with security.


Of the 12 security bulletins issued in February, three are rated critical. They affect Windows (a Windows Shell vulnerability affecting most versions excluding Windows 7 and Server 2008 R2, and a vulnerability in the OpenType Compact Font Format driver affecting all currently supported versions) and Internet Explorer (all currently supported versions).

According to Angela Gunn, security response communications manager at Microsoft, the company's ability to monitor the threat landscape allowed it to determine that attempts to attack the Internet Explorer vulnerability were very low, so there was no need for an out-of-cycle patch.

The other Windows issues are rated important or moderate.

The Office bulletin concerns Visio 2002, 2003 and 2007. It addresses a vulnerability that allows a maliciously crafted file to trigger remote code execution.

Microsoft also released a number of non-security updates, but one of them is all about security. Adam Shostack, program manager in Microsoft's Trustworthy Computing Security operation explained that "we reserve the term 'Security Update' to mean 'a broadly released fix for a product-specific security-related vulnerability.'"

So the update that changes the operation of Windows' Autorun feature is instead described as an "Important, non-security update."

CONTINUED



It might be more accurate to describe it as an "Important, non-security update update" as a patch to restrict Autorun to 'shiny' media (CDs and DVDs) is now being pushed out automatically via Windows Update to versions of Windows prior to Windows 7.

"We believe this is a huge step towards combating one of the most prevalent infection vectors used by malware such as Conficker," said Ms Gunn.

Mr Shostack explained that while it wasn't possible to determine how many infections occurred through misuse of Autorun, a significant proportion of infections involve malware that uses Autorun as one of their propagation methods.

 

LEARN NBN TRICKS AND TRAPS WITH FREE NBN SURVIVAL GUIDE

Did you know: Key business communication services may not work on the NBN?

Would your office survive without a phone, fax or email?

Avoid disruption and despair for your business.

Learn the NBN tricks and traps with your FREE 10-page NBN Business Survival Guide

The NBN Business Survival Guide answers your key questions:

· When can I get NBN?
· Will my business phones work?
· Will fax & EFTPOS be affected?
· How much will NBN cost?
· When should I start preparing?

DOWNLOAD NOW!

Stephen Withers

joomla visitors

Stephen Withers is one of Australia¹s most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.

 

 

 

 

Connect

Join the iTWire Community and be part of the latest news, invites to exclusive events, whitepapers and educational materials and oppertunities.
Why do I want to receive this daily update?
  • The latest features from iTWire
  • Free whitepaper downloads
  • Industry opportunities