Security Experts on August Patch Tuesday: Update Now

Another Microsoft Patch Tuesday has come to pass, and with it a fairly long list of fixes. A total of nine patches have been made available for five issues marked "critical". An incredible 19 problems have been addressed by the entire day's release.

The nine patches address holes in Windows, MS Office software, ISA Server, Microsoft Visual Studio, the .Net Framework, BizTalk Server, and also Remote Desktop Client for Mac.

MS Office Flaw Very Serious

It's possible none of the fixes are more important than one Microsoft made public last month.

Affecting Microsoft Office, the issue specifically targeted the software's Web Components used to help users upload their spreadsheets and other documents onto the Internet. Microsoft revealed in late July that it had seen attacks based on the flaw affecting Office XP and Office 2003, Office Small Business Accounting 2006, and Internet Security and Acceleration Server 2004 and 2006. (Source: crn.com)

ActiveX Exploit Still a Concern

A number of the issues addressed this month continue to revolve around ActiveX vulnerabilities, a much larger problem Microsoft has been dealing with for a couple months now.

Some of these weaknesses could allow a hacker to exploit a user's computer simply by getting the latter to visit a malicious web page, making nefarious activity easier than most other hack jobs.

According to security researcher Ben Greenbaum, it's about time everyone sat up and paid attention to these very serious ActiveX vulnerabilities and sought out Microsoft's fixes. "All of the ActiveX issues patched this month could be easily exploited and can impact even the average computer user," said Greenbaum. "For example, any user who has Microsoft Office on their machine could be vulnerable to the Microsoft Office Web Components vulnerabilities." (Source: cnet.com)