Sina technology news on October 11, (Beijing Time on October 11), Microsoft released 12 security vulnerability patches on Tuesday, of which 8 are the highest level of hazards, attackers can exploit these vulnerabilities to control the user's entire system. Therefore, they are required to immediately download and install these patches.
Microsoft said that eight of the 12 security vulnerability patches were critical, 7 of which could affect the Windows operating system and related applications, including IE browser, media player, and instant messagingProgram. The 8th vulnerabilities are found in Office XP. Although the security levels of the other four patches are low, if these vulnerabilities are exploited by attackers, they can gain some control over the system. These 12 patches can block a total of 16 security vulnerabilities.
Stephen Toulouse, head of Microsoft Security Products, said: "We have released a large number of security patches to users this month ." He said that any Windows user, regardless of the version used, must install at least one of the latest patches, many of the latest patches also apply to users who have installed Windows XP SP2.
Among the latest patches, the most striking one is the patch for the IE browser vulnerability, which has been published previously. Tuluz said that some people already know how to use these vulnerabilities to initiate attacks, but such attacks have not been widely used yet. However, he warned that if someone starts to do so and users do not patch these vulnerabilities, they will be exploited by attackers at a faster rate.
Another critical vulnerability is that attackers can entice users to click and view a special image through MSN or media player to gain control over the computer. This attack exploits a vulnerability in PNG image processing technology. Toruz also reminds users that when they receive emails, links, documents or images from unknown sources, they should be vigilant, rather than simply clicking on these unknown sources.
Vincent gullotto, vice president of security software developer McAfee, said his R & D staff were very worried about a Windows server software vulnerability. This vulnerability is related to the "server information blocking" service. This service is enabled by default in each Windows version to allow users to share files on the network. This vulnerability allows an attacker to initiate an attack without any operation, provided that the user has not installed the firewall software. Oliver Friedrichs, senior director of Symantec Security Response, said the vulnerability could trigger the next large-scale Internet worm attack if it is not properly handled.
For Windows users, go to windowsupdate.microsoft.com. and download the latest security patches released by most Microsoft. Previously, Microsoft repeatedly urged Windows XP users to enable the "Automatic Upgrade" service. However, this service does not work for automatic update of the office. users who have installed the Office must visit the Microsoft Office upgrade website office.microsoft.com and click the "check for updates" link in the upper-right corner of the page.
According to industry insiders, upgrading a large number of security patches at once may bring some problems to large enterprise users. The reason is that these enterprises not only need to upgrade the PCs of all employees, but also need to confirm that these upgrades will not affect their normal business activities. To this end, tuluz said that Microsoft will provide special technical support for enterprise users.
While Microsoft released security patches, it also announced that it would acquire the anti-virus software developer sybari, which aims to launch a paid security product in the future. In recent years, many attacks from the Internet have targeted Microsoft products. For this reason, Microsoft regards security as one of the top priorities of the company's development.