Thursday, November 12, 2009

Windows 7 Gets a Bye on Latest Patch Tuesday

As usual, Microsoft pushed out a set of bug fixes for Windows on the second Tuesday of the month, but none of the security fixes were aimed at Windows 7, it's newest operating system. That may not last for long -- "Attackers will take more time to figure out ways of breaking into Windows 7," according to Symantec's Ben Greenbaum.

Microsoft's newest computer operating system has survived its first few weeks on the market without needing any security fixes.

Microsoft plugged several security holes Tuesday, but none are aimed at Windows 7, which was released Oct. 22.

Give It Time

That's to be expected, said Ben Greenbaum, a researcher at the antivirus software company Symantec (Nasdaq: SYMC). "Attackers will take more time to figure out ways of breaking into Windows 7," he said.
Computer users can get the patches through Microsoft's automatic-update service, or by visiting microsoft.com/security.

One of the fixes Microsoft marked "critical," its highest severity rating, would thwart an attacker from infecting all the PCs on a local network after gaining access to just one.

In other words, even if most people in the office are good at avoiding clicking on unknown links or opening mysterious documents, if one person's computer is compromised the attacker could take over the rest.

Locking Down Attackers

The software maker also fixed flaws in its Excel and Word software that would give an attacker control of a PC if its owner opened a tainted spreadsheet or document.

It also patched problems in several older versions of Windows, including XP and Vista, that would give an attacker who already has control of a computer access to more of its functions.