Microsoft Patch Day: 7 Bulletins, 19 Flaws

Yep, it’s that time of the month again. The folks at Microsoft have just released seven new security bulletins as part of their monthly patch cycle. They have also updated their Malicious Software Removal Tool.

Here are the details:

MS07-023: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (934233) – Max Severity: Critical

MS07-024: Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (934232) – Max Severity: Critical

MS07-025: Vulnerability in Microsoft Office Could Allow Remote Code Execution (934873) – Max Severity: Critical

MS07-026: Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (931832) – Max Severity: Critical

MS07-027: Cumulative Security Update for Internet Explorer (931768) – Max Severity: Critical

MS07-028: Vulnerability in CAPICOM Could Allow Remote Code Execution
(931906) – Max Severity: Critical

MS07-029: Vulnerability in Windows DNS RPC Interface Could Allow Remote Code Execution (935966) – Max Severity: Critical

Happy patching everyone!

Advertisements
Advertisement




10 Responses to Microsoft Patch Day: 7 Bulletins, 19 Flaws

  1. And do they require a reboot? Probably. Any good reason for that? Not really… Will it stop some people from updating immediately and make them put it off for a while…maybe months? Yes.

    I'm one of those people who updated once every 6 months because the reboot was annoying. Now I can update daily (if I'm unstable) or once or twice a week, but almost never reboot (unless it's a kernel update, which is once every 3 or 4 months if you're stable). I like it this way.

    • Some of them do, but Microsoft has really been working hard on doing patches that do not require reboots. Unfortunately, they're not there yet.. only 10% of them fall in this category, and about 80% MAY require a reboot… may! duh! :)

      • Uh…doesn't help much. I mean, if you are still guaranteed to need a reboot on *every* Patch Tuesday, well…I'm still likely not to do the updates. If they could find a way to make it so that every other month was a "reboot now" Path Tuesday and the in between ones would have only no-reboot-required patches or something…I'd at least be persuaded to patch the Windows systems a bit more. It just seems ridiculous that so many monthly patches are somehow low-level enough to require a reboot. I don't even know that they're low-level though. It could just be a function of the way Windows operates. I know with Linux, if a driver crashes (such as my sky2 driver for my Marvell NIC which crashes on high throughput), I can unload and reload the modules, but on Windows it would blue screen.

        Maybe the modularity of Linux is why I can have updates to the entire system (because instead of consciously checking for OOo or Firefox or Banshee or Sunbird or GRAMPS or whatever updates, they just come through with regular automatic updates) and not need to reboot; it just reloads the updated parts and keeps chugging. Windows isn't modular, so it could be that it's nearly impossible for Windows to just reload one chunk of itself to activate the update. If that's the problem, maybe it should be made more modular so that it can handle things like low-level crashes (one part breaks, the rest just sort of amputates it and keeps going until it can be reattached instead of getting gangrene and dying) and activating updates on smaller parts of the system. Heck, with most large configuration changes on Linux, you just restart the graphical part of the OS (ctrl +alt+backspace or log out/in) which is much faster (for me, about 35 seconds faster…meaning it's around 7-10 seconds) than rebooting. For driver modules, it's "sudo modprobe -r $drivername" then "sudo modprobe $drivername" (-r is for "remove" but "rmmod" can replace "modprobe -r" as well) if you want to remove the out-of-date driver from memory and load the newly-installed one. It's faster when setting up than waiting for Windows to reboot when installing drivers too.

  2. And do they require a reboot? Probably. Any good reason for that? Not really… Will it stop some people from updating immediately and make them put it off for a while…maybe months? Yes.

    I’m one of those people who updated once every 6 months because the reboot was annoying. Now I can update daily (if I’m unstable) or once or twice a week, but almost never reboot (unless it’s a kernel update, which is once every 3 or 4 months if you’re stable). I like it this way.

    • Some of them do, but Microsoft has really been working hard on doing patches that do not require reboots. Unfortunately, they’re not there yet.. only 10% of them fall in this category, and about 80% MAY require a reboot… may! duh! :)

      • Uh…doesn’t help much. I mean, if you are still guaranteed to need a reboot on *every* Patch Tuesday, well…I’m still likely not to do the updates. If they could find a way to make it so that every other month was a “reboot now” Path Tuesday and the in between ones would have only no-reboot-required patches or something…I’d at least be persuaded to patch the Windows systems a bit more. It just seems ridiculous that so many monthly patches are somehow low-level enough to require a reboot. I don’t even know that they’re low-level though. It could just be a function of the way Windows operates. I know with Linux, if a driver crashes (such as my sky2 driver for my Marvell NIC which crashes on high throughput), I can unload and reload the modules, but on Windows it would blue screen.

        Maybe the modularity of Linux is why I can have updates to the entire system (because instead of consciously checking for OOo or Firefox or Banshee or Sunbird or GRAMPS or whatever updates, they just come through with regular automatic updates) and not need to reboot; it just reloads the updated parts and keeps chugging. Windows isn’t modular, so it could be that it’s nearly impossible for Windows to just reload one chunk of itself to activate the update. If that’s the problem, maybe it should be made more modular so that it can handle things like low-level crashes (one part breaks, the rest just sort of amputates it and keeps going until it can be reattached instead of getting gangrene and dying) and activating updates on smaller parts of the system. Heck, with most large configuration changes on Linux, you just restart the graphical part of the OS (ctrl +alt+backspace or log out/in) which is much faster (for me, about 35 seconds faster…meaning it’s around 7-10 seconds) than rebooting. For driver modules, it’s “sudo modprobe -r $drivername” then “sudo modprobe $drivername” (-r is for “remove” but “rmmod” can replace “modprobe -r” as well) if you want to remove the out-of-date driver from memory and load the newly-installed one. It’s faster when setting up than waiting for Windows to reboot when installing drivers too.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.