Microsoft released a total of 22 patches in its monthly security update, labeling seven of them “urgent” and imploring companies to download them.
The software giant called three other patches “important,” one level less severe than “urgent.”
The security flaws affect Windows XP, the Internet Explorer browser and the spreadsheet program Excel. They are an open door through which hackers could gain control of a computer to steal data or send spam.
Response Time Critical
“Applying the security patches for these vulnerabilities is critical,” Oliver Friedrichs, senior manager at Symantec, told TechNewsWorld.
“In the latest Internet Security Threat Report released on Sept. 20, Symantec reported that the time to patch vulnerable systems is very short,” Friedrichs said.
“Between January 1 and June 30, the average time between the announcement of a vulnerability and the appearance of associated exploit code was 5.8 days.”
The patches fix holes in Internet Explorer, Simple Mail Transfer Protocol (SMTP), Network News Transfer Protocol (NNTP) and Network Dynamic Data Exchange (NetDDE).
Another vulnerability, if exploited, allows WebDAV to use all available memory on an affected server, Microsoft said.
The vulnerabilities are not unusual for Microsoft, which prepares a security advisory monthly.
“There are thousands of vulnerabilities in Microsoft code,” Bruce Schneier, CTO at Counterpane, told TechNewsWorld.
“It’s yet another disaster, but we’re used to it, so we don’t see it as a disaster,” he said.
The best thing to do, Schneier said, is to install the patches as soon as possible, and to have other layers of security in place.
Schneier also said that patches have been known to damage networks, so businesses must be careful to check that the fixes won’t cause more problems than they were intended to prevent.