Microsoft issues its biggest-ever security fix

Customers shop at Microsoft's first retail store during the grand opening in Scottsdale, Arizona October 22, 2009. REUTERS/Joshua Lott

BOSTON | Tue Oct 12, 2010 5:39pm EDT

BOSTON (Reuters) - Microsoft Corp issued its biggest-ever security fix on Tuesday, including repairs to its ubiquitous Windows operating system and Internet browser for flaws that could let hackers take control of a PC.

The new patches aim to fix a number of vulnerabilities, including one exploited by the notorious Stuxnet virus that attacked an Iranian nuclear power plant and other industrial control systems around the world.

Microsoft said four of the new patches -- software updates that write over glitches -- were of the highest priority and should be deployed immediately to protect users from potential criminal attacks on the Windows operating systems.

Microsoft said it also repaired other less serious security weaknesses in Windows, along with security problems in its widely used Office software for PCs and Microsoft Server software for business computers.

Microsoft released 16 security patches to address 49 problems in its products, many of which were discovered by outside researchers who seek out such vulnerabilities to win cash bounties as well as notoriety for their technical prowess.

"This is a huge jump," said Amol Sarwate, a research manager with computer security provider Qualys Inc. "I think the reason for it is that more and more people are out there looking for vulnerabilities."

The geeks who report such vulnerabilities to software makers are known as "white hat" hackers. Sarwate warned that there are also plenty of "black hats," or criminal hackers who look for vulnerabilities in software that they can exploit to launch attacks on computer systems.

Indeed, the world's biggest software maker said that the patches released on Tuesday include software to fix a vulnerability exploited by the Stuxnet virus -- a malicious program that attacks PCs used to run power plants and other infrastructure running Siemens industrial control systems.

The virus, which infected computers at Iran's Bushehr nuclear power plant, was discovered over the summer. Security research firm Symantec said that it detected the highest concentration of the virus on computer systems in Iran, though it was also spotted in Indonesia, India, the United States, Australia, Britain, Malaysia and Pakistan.

So far Microsoft has patched three of the four vulnerabilities exploited by Stuxnet's unknown creators.

The total of 49 vulnerabilities exceeds the previous record of 34, which was set in October 2009 and matched in June and August of this year.

The constant patching of PCs is a time-consuming process for corporate users, who need to test the fixes before they deploy them to make sure they do not cause machines to crash because of compatibility problems with existing software.

(Reporting by Jim Finkle. Editing by Robert MacMillan, Gary Hill)

Comments (9)
OhReallyNow wrote:
At some point we either award MSFT a prize for the most screwed up OS ever, or we consider these constant and expensive intrusions into our corporate and home/personal computing environments something more, well, more than just “fixing vulnerabilities” – more like, planting stuff to surreptitiously gather more information. I vote for the latter, except America is so dumbed down, it really could be that all of MSFT’s engineers are indeed that incompetent.

Oct 12, 2010 3:49pm EDT
cynicalme wrote:
The endless garbage put out by MS over the years is incomprehensible. The ONLY reason they have escaped millions of lawsuits for defective product is that they “lease” the software instead of “selling” it. This company is the poster-child for American junk product, corporate greed, predatory business practice and ethical bankruptcy.

Oct 12, 2010 4:48pm EDT
CumpunetX wrote:
It is obvious for hackers to attack Microsoft software because it is cost effective, due to the fact that the majority of computers in the world run MS software. It is unfair to say that the MS OS or its products are junk or that their engineers are incompetent; they have their mishaps like any other company. They brought to all lower-priced hardware and the opportunity for almost everyone to have a PC in their home. It has also given the U.S.A. a technological advantage, in that their product, which was created in America, is used around the world. Not everybody has $900+ for an Apple computer, nor are they technology savvy enough to use Linux or Unix. You will see when the MS era is gone, it will be the same as with Microsoft; let’s hope that chapter will be one written by an American company as well. Software is like cars: if many people have one particular brand, you will see many more defects coming afloat and it will be a greater target for thieves; when the user base is small it seems to have fewer defects, but they are there and they get stolen the same, but on a smaller scale. Are theirs junk too? Simple reasoning.

Oct 12, 2010 7:47pm EDT