14 DAY TRIAL // Hot on the heels of this month's security bulletins released on August 12, Microsoft made available for download the Security Releases ISO Image. Designed to deliver a manageable package with multiple individual language version patches for the Windows client and server platforms, the Security Releases ISO Image contains all the Windows security bulletins already served via Windows Update, including the ones for Windows XP Service Pack 3 and Windows Vista SP1. The Redmond company is offering the Security Releases ISO Image as a way to lend a helping hand to system administrators that need to grab Windows updates in multiple languages, but that do not use Windows Server Update Services (WSUS), an automated solution that comes with such functionality by default.
"The number of critical vulnerabilities patched by the latest set of security patches described in Microsoft's August Security Bulletin is high and they are all quite serious so the patches should be applied as soon as possible. However, we rated most of them with medium risk level since there are no known exploits in the wild, except for MS08-041 which we rated with high risk. The first samples of malicious scripts exploiting this vulnerability were seen in the wild couple of weeks ago," revealed Vanja Svajcer, principal virus researcher at SophosLabs.
On August 12, Microsoft dropped no less than 11 security bulletins, six of them for the Windows platform, two labeled with a maximum severity rating of Critical, with the remaining four just Important. However, the August 2008 Security Releases ISO Image contains a total of seven security bulletins. With the ISO package, Microsoft is providing updates for vulnerabilities affecting Internet Explorer, the Windows Image Color Management System, the IPsec Policy Processing, Outlook Express and Windows Mail, the Event System, Windows Messenger but also the VBScript and JScript Scripting Engines.
"One of the main factors we consider when estimating the risk of encountering an attack in the wild is the existence of a proof of concept code or a malware sample and factor this in our equation for estimating the risk. We are not trying to assess just how easy is to create an exploit for a certain vulnerability but also how likely it is our users will be hit by one," Svajcer added.
The August 2008 Security Releases ISO Image is available for download via this link.