News Analysis

Microsoft security headaches mount

Microsoft has found itself under attack on a number of fronts with security researchers adding their own fix to help out worried users.

One group, Determina, published a free patch for a critical bug in an ActiveX control used by Windows' graphical user interface. The flaw was considered by some security experts to be critical because it could be used by attackers to run unauthorised code on a victim's PC.

Meanwhile, Microsoft was forced to issue an emergency patch for a separate problem in Outlook and IE's Vector Markup Language (VML) rendering engine, after the glitch was widely exploited by attackers. In addition, a series of criminals launched attacks that exploited an unpatched flaw in PowerPoint.

The VML flaw was fixed four days ahead of Microsoft's own patch by a group of security professionals around the world calling itself the Zero day Emergency Response Team (Zert).

The group created the patch so users of Windows versions that are no longer officially supported can protect their PCs against increasing attacks that utilise a recently disclosed Windows flaw.

While the vulnerability in Internet Explorer was unpatched, spam emails were circulating to try to lure users to infected websites. The page pretends to be a Yahoo Greeting Card, but users’ PCs were compromised as soon as they opened the site.

Microsoft's next set of security patches will be released 10 October, and may include a patch for the latest PowerPoint flaw.

Many people don’t know which is more worrying: Microsoft’s inability to produce less buggy software; its tardiness in delivering patches, or the need for freelance software vigilantes like Zert to clean up and produce patches when Microsoft and other suppliers fail to do so.

Maybe it's a sign of the times, but it does seem that ‘paramedic’ groups like Zert, and more thoughtful organisations like the Jericho Forum are now even more necessary to sweep up after suppliers who pay the barest of lip service to their users’ needs.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy