Microsoft patches 20 bugs, including critical Word flaw

Company admits another vulnerability has been used by hackers in attacks against its own online services

By , Computerworld |  Security, Microsoft

The update to kill certificates with shorter, more vulnerable keys, was triggered by the discovery of Flame, a sophisticated espionage tool uncovered by Kaspersky Lab. Flame infiltrated networks, scouted out the digital landscape and used a variety of modules to pilfer information. Among its tricks was one called the "Holy Grail" by researchers: It spoofed Windows Update to infect completely-patched Windows PCs.

Microsoft reacted by throwing the kill switch on three of its own certificates.

"Last chance," said Storms about users' opportunities to apply the update earlier, or block it from arriving on machines via WSUS (Windows Server Update Services). "While we have known for some time that the key update was going out, it's being officially released today," Storms added. "It will applied unless you stop it."

October's seven security updates can be downloaded and installed via the Microsoft Update and Windows Update services, as well as through WSUS.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed. His email address is gkeizer@computerworld.com.

See more by Gregg Keizer on Computerworld.com.

Read more about malware and vulnerabilities in Computerworld's Malware and Vulnerabilities Topic Center.


Originally published on Computerworld |  Click here to read the original story.
Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Answers - Powered by ITworld

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question
randomness