MS releases patches for software

Seattle, October 11:

Microsoft Corp released six patches to fix software flaws that carry its highest threat rating, including three for defects that attackers were already trying to exploit.

The company said all six of the critical flaws could allow an attacker to obtain some access to other people’s computers. The Redmond software maker also released four other patches to fix vulnerabilities that the company deemed less severe. Customers can download all the patches for free on MS security Web site and also can sign up to have them automatically delivered to their computers. The automatic update system went down for several hours yesterday, but the problem was later resolved.

Microsoft said last month that it knew attackers were already trying to take advantage of defects in its Windows operating system, Microsoft Word software and PowerPoint presentation program. Christopher Budd, a programme manager with the Microsoft Security Resource Center, said that the company had seen limited attacks exploiting the flaws, but were nevertheless recommending that users apply those and other patches immediately.

Such vulnerabilities are rare. In most cases, security experts quietly provide Microsoft evidence of a security flaw, allowing the company to fix the problem in secret and release a patch before attackers can take advantage of it. But recently, the company has been hit with a number of so-called ‘zero-day’ attacks, in which flaws are targeted before Microsoft is aware of them or can release patches.

Such attacks have prompted some security researchers to release their own interim fixes. MS also has released patches outside its normal schedule.