MS keeps admins busy with critical Vista patches
QuickTime and Opera updates make for heavy workload
Microsoft will be putting out eight security patches on 8 April, five of them with the unlovable critical label, in the latest run of its regular update cycle.
The critical updates cover a brace of bugs in Internet Explorer, a pair on Windows and one involving Office. All five might lend themselves to remote execution of malicious software on vulnerable clients.
All supported versions of Windows - including Vista - ought to be updated once the patches come out. Vista is subject to as many critical patches as XP (four), which doesn't say a lot for its much-vaunted enhanced security, especially since they arrive less than a month after the release of the first service pack for Vista.
In addition to the critical patches MS has scheduled three "important" updates for next Tuesday. Two of these separately tackle spoofing and code elevation risks in Windows, while the other deals with security bugs in Office.
A full summary is contained in Microsoft's advance bulletin notice here.
There's plenty more patching work to be done before next week. Opera has pushed out a new version of its browser (version 9.27) on Thursday that fixes two remotely exploitable vulnerabilities, detailed here and here. The updates cover separate flaws involving the processing of HTML CANVAS elements and Opera's handling of news feeds, as explained in an overview by security notification firm Secunia here.
Also of note is an update to Apple's popular QuickTime media player software, published on Thursday. Version 7.4.5 of QuickTime plugs 11 security vulnerabilities covering a spread of risks including code injection. Many bugs involve risks in viewing maliciously malformed movie files. Both Windows and Mac QuickTime users are equally at risk from the cross-platform flaws - the full info is an Apple advisory here. ®
If SP1 was only 2 months after release....
It would be a lot different! when XP was realesed, it was a lot of %&*$#, but it was mostly solved by its SP1, and fully solved by SP2...
Why they could not do this with vista is a mystery, or just stupid overconfidence...
a mate of mine said 'what is wrong with vista, why are you bashing it??' - and then we went to help out a freind with their issues... he told me, b.. ..LL, it is really that bad...
to just change the assocition of a file, you cannot find it in 'folder options' any more... Its been given a really fancy long name, that I keep forgetting...
Even 'add/remove' has been renamed to 'program features and defaults' - not what you would look at, to remove a program!!
Service Pack 1 for Vista was feature frozen months ago. Any changes made to it during the beta/RC stage were purely for compatibility and fixes to the pack.
Adding new features during beta/RC stage are what causes problems. "Oh, this one won't make any difference" but when combined with all the other ones being installed at the same time may introduce problems.
Critising MS for updates so soon after SP1 has been released is a bit lame.
@the xerox repairman
Yes well, A lot of Xerox boxen run wince, I believe.
Tell them to ditch that rubbish and buy nice NetBSD based Ricoh machines, which have much better security.
I support various embedded copier systems,Ricoh, Toshiba, Oki, Konica-Minolta.
They are in general the most reliable and secure network boxes I know of. despite the users best efforts.
As they consist of an embedded unix-alike (Linux,BSD,RTOS) Computer with a laser printer, scanner and file,email,web server, etc in one box.
Paris because she has a lot going on in one box.