14 DAY TRIAL // Last week we got the warning thanks to the Advance Notification service, which pre-announces upcoming patches but limits the information disclosed, today we got the real deal, 13 security patches, brand new. Nine of the bulletins target Microsoft Windows and the rest are heading SharePoint Services, Microsoft Office, the .Net Framework, Visual Studio, Windows Media Player, and MSN Messenger.
Eight security fixes carry its highest threat rating and users are asked to install them immediatly because all the vulnerabilities they address could let attackers take complete control of systems.
Seven of the security vulnerabilities Microsoft marked "critical" affect the Windows operating system and related software, including the Internet Explorer browser, media player and instant messaging program. The eighth is with the Redmond software maker's Office XP business software. The patches can be downloaded at www.microsoft.com/security .
The total ammount of vulnerabilities Microsoft expects to get rid of with this wave of patches rises to an impressive 19, 14 of them are rated as critical.
Among them is a vulnerability that will likely lead to the biggest, baddest worm since mid-2003, said Mike Murray, the director of research at vulnerability management vendor nCircle.
MS05-011 fixes a vulnerability in SMB [Server Message Block], which is running on every version of Microsoft's operating systems. It is exploitable remotely, so it doesn't rely on an e-mail or getting someone to a Web site. All the attacker has to do is send a properly-formatted packet and he'll break in.
Microsoft also released four security fixes that carry lesser threat levels, but the problems could still let attackers gain some control of a system.