Sina Technology News According to February 8, local time in the United States (February 9, Beijing time), Microsoft released 12 security vulnerabilities patches on Tuesday, 8 of which are at the highest level of harm. Attackers can use these vulnerabilities to control the user's entire system, so they require users to download and install these patches immediately.
Microsoft said that of the 12 security vulnerability patches released, 8 are at the "critical" level, and 7 of them can affect the Windows operating system and related application software, including IE browser, media player and instant messaging programs. The 8th vulnerability exists in Office XP. Although the other four patches have a lower security level, if these vulnerabilities are exploited by attackers, they can also gain some control over the system. These 12 patches can plug 16 security vulnerabilities in total.
"We did release a lot of security patches to users this month," said Stephen Toulouse, head of security products at Microsoft. He said that no matter what version of the version he is using, he must at least install one of the latest patches mentioned above, and many of the latest patches are also suitable for users who have Windows XP SP2 installed.
Among the latest patches mentioned above, the most eye-catching one is the patch for the IE browser vulnerability, which has been previously disclosed. Toulouse said that some people have already known how to use the above vulnerabilities to launch attacks, but this type of attack activity has not yet appeared widely. But he warned that if someone starts doing this and users don't patch the vulnerabilities, the vulnerabilities will be exploited by attackers at a faster rate.
Another critical vulnerability is that the attacker lures users to click and view a special image through MSN or media player, and then gain control of the computer. This attack exploits a vulnerability in PNG image processing technology. Toulouse also reminds users that when they receive emails, links, documents or images from unknown sources, they should be alert at this time, and do not easily click on these things from unknown sources.
Vincent Gullotto, vice president of security software developer McAfee, said his R&D staff were very concerned about the vulnerability of a Windows server software. This vulnerability is related to the "Server Information Blocking" service, which is enabled by default for each Windows version to allow users to share files on the network. Using this vulnerability, an attacker can launch an attack without the user performing operations, but only if the user does not install firewall software. Oliver Friedrichs, senior director of Symantec security response, said the vulnerability could trigger the next large-scale Internet worm attack if it is not handled properly.
Windows users can download the latest security patches above by Microsoft. Previously, Microsoft has repeatedly urged Windows XP users to turn on the "Automatic Upgrade" service. However, since this service is invalid for automatic upgrade of Office, users who have Office installed must visit Microsoft's Office upgrade website and click the link "check for updates" in the upper right corner of the page.
Industry insiders say that upgrading a large number of security patches may cause some problems for large enterprise users. The reason is that these companies not only need to upgrade their PCs for all employees, but also need to confirm that these upgrades will not affect their normal business activities. To this end, Toulouse said that Microsoft will provide special technical support for enterprise users.
While Microsoft released a security patch, it also announced that it would acquire anti-virus software developer Sybari, with the aim of launching paid security products in the future. In recent years, various attacks from the Internet have targeted Microsoft products, and Microsoft has regarded security as one of the top priorities of the company's development.