News
Bluetooth, IE to Get Critical Microsoft Patches
Microsoft will release three critical security updates next Tuesday. A total of seven updates are planned.
By Robert McMillan, IDG News Service (San Francisco Bureau)
June 06, 2008 —
Microsoft plans to issue seven sets of security patches next week, including critical fixes for DirectX, Internet Explorer and Bluetooth wireless software for Windows.
The updates are due Tuesday, the day Microsoft had previously scheduled to release its security patches. Fixes are also slated for Active Directory, the Windows Internet Name Service (WINS) and the Pragmatic General Multicast (PGM) protocol, used by Windows to stream media to many recipients. These updates are all rated "important."
A seventh update, rated "moderate," is listed as a "Kill Bit" update for Windows. This type of patch will disable code that is known to have a security bug.
"The Kill Bit will more than likely be for a third-party application," said Andrew Storms, director of security operations with security vendor nCircle.
Lately, Microsoft's security group has had to pay more attention to software that runs on top of Windows, as attackers have increasingly looked to products like QuickTime, Adobe's Flash and other media players when devising their attacks.
Last Friday, Microsoft warned that a widely publicized flaw in Apple's Safari browser could be combined with another Microsoft bug to let attackers run unauthorized software on a victim's PC.
It's not clear whether Microsoft plans to patch that bug. The IE update could include a fix, although it's unlikely that Microsoft has had enough time to run this software through its testing process, Storms said.
It is unusual for Microsoft to patch Bluetooth, a protocol used to connect devices like headsets to Windows, but added that "the more interesting question is will this patch and/or the bug extend into Windows mobile where it will more than likely have a greater impact?"
Microsoft announced the planned patches in a note posted to its Web site on Thursday.
Other stories by Robert McMillan
Data Center Directions Virtual Conference
Attend this free, 100% online event exploring tools and techniques for making your data center deliver for today and tomorrow.
Maximizing Site Visitor Trust Using Extended Validation SSL
Now with Extended Validation (EV) SSL available from VeriSign, you can show your customers that they can trust your site. Learn about EV SSL benefits in the free VeriSign white paper.
Prudential Financial Protects its Brand with Symantec Data Loss Prevention Solutions
FORTUNE 100 insurance leaders rely on Symantec.Information Security: Data Drains and How to Prevent Loss
Do you know where your confidential data is?Data Loss Prevention: Keeping Sensitive Data Out of the Wrong Hands
Learn what the thought-leaders at PricewaterhouseCoopers have to say.7 Requirements of Data Loss Prevention
Incorporate best practices from many companies using DLP solutions.E-LOAN Maintains Reputation as a Privacy Leader with Symantec Data Loss Prevention
Learn how this implementation of a DLP solution helps ensure customer trust and loyalty.
- The Case for Business Software Assurance ~ Securing Your Applications
- How Are Open Source Development Communities Embracing Security Best Practices?
- E-LOAN Maintains Reputation as a Privacy Leader with Symantec Data Loss Prevention Solutions
- 7 Requirements of Data Loss Prevention
- Data Loss Prevention: Keeping Sensitive Data Out of the Wrong Hands
- Prudential Financial Protects its Brand with Symantec Data Loss Prevention Solution
Get instant notifications when whitepapers, webcasts and case studies are added
to our library. Sign up for a Resource Alert now!
CSO Corporate Partners
7th Annual Digital ID World
-
September 8 - 10, 2008Hilton AnaheimRegister now »
Anaheim, California
(ISC)2 members can earn up to 20 CPE Credits
Reference priority code ONLINE and save $800 off the full registration price — attend the program for $995
