On October 13, Microsoft released what is called an “unprecedented” number of security updates, aiming to plug at least 21 new vulnerabilities, seven of which the software giant believes hackers could use to hijack Windows computers.
Most of the new patches affecting Windows XP first shipped in Service Pack 2, released in August, so XP users who have already installed that service pack need to install only two of the patches released October 13. One covers an Internet Explorer hole; the other is a re-issue of a patch released in September to fix a flaw in the way Windows and Office process digital image files, a flaw hackers have recently been exploiting with malicious code such as the so-called JpegOfDeath worm.
"I've never seen Microsoft release this many patches at one time," said Internet security company Red Siren’s chief technology officer Darwin Herdman to reporters. "The install base for these flaws is enormous."
Oliver Friedrichs, who runs security response at Symantec, the maker of Norton Antivirus, told reporters that four flaws in how Windows processes images and other digital content were the biggest concerns. He said those are the most serious threats to home computer users. Three of the flaws in question were spotted in Internet Explorer.
TruSecure chief scientist Russell Cooper wondered whether the security holes would also affect products used mostly in medium to large businesses, singling out in particular a flaw in Microsoft Server 2003 and Exchange Server 2003, the latter an e-mail management program. The Exchange flaws could let hackers take over mail servers and turn them into conduits for spam and phishing.
"There are all kinds of bad things you could do with this flaw,” Cooper said, “since Exchange servers are installed in some pretty high-profile companies."
The image flaw patch was also redesigned to make it easier to install. Microsoft fielded a flood of complaints when the patch was first issued, most of them saying that it was too complex for ordinary computer users to install.