Microsoft Fixes 26 Security Flaws

Propitious deeds always face impediments in their path, the same happened with Microsoft on Tuesday when the software giant released a ream of patches for Windows and Office, but networking problems kept it from distributing its latest security patches to users of its automatic update services.

As part of Microsoft's routine, monthly security update cycle, the company had released the updates at around 11 a.m. Pacific time on Tuesday. To fix prodigious 26 vulnerabilities in Windows, Office, and the .Net framework the Redmond software maker released the following security updates with a tag of rating:

MS06-056 & MS06-057 both address vulnerability in Microsoft Windows and has a maximum severity rating of moderate and critical respectively.

MS06-058, MS06-059, MS06-060 & MS06-062 all address vulnerability in Microsoft Office and has a maximum severity rating of Critical for earlier versions of Office and a maximum severity rating of important for more recent versions of Office.

MS06-061 & MS06-063 address vulnerability in Microsoft Windows and has a maximum severity rating of critical and important respectively.

MS06-064 & MS06-065 address the vulnerability in Microsoft Windows and has a maximum severity rating of low and moderate respectively.

Users were recommended to download all the patches for free on Microsoft's security Web site but later on, it was not made immediately available due to the 'technical difficulties' as described by the company.

Describing the nature of glitch in a blog posting, Microsoft's Craig Gehere said, “To be clear, it’s a delay due to the networking for these systems: there are no issues with the security updates themselves,” he further wrote, “Also, this issue doesn’t affect customers using Software Update Services (SUS), Windows Update v4 or Office Update,” and hoped to have it fixed by the end of the day.

"Technical teams are engaged and have been working around the clock to resolve this problem," he wrote. And, true to his commitments the problem was corrected late in the day.

However, the world's leading software-producing company also provided its users another option that is to download the patches manually from Microsoft's Web site.

Software produced by the most successful and influential software company Microsoft are a continuous target of Internet attackers, in part because the company's products are so extensively used. Over the past few weeks, observers have spotted attack code that exploits censorious bugs in the Windows operating system, Word, and PowerPoint, all of which were fixed yesterday.

The latest 10 security bulletins are designed to fix more than two dozen flaws in Microsoft's software, the largest bunch so far this year, said one security company. "Although there are only 10 patches, they address 26 vulnerabilities, and it's the largest release for Microsoft this year," said Jonathan Bitle, manager of technical accounts at Qualys. "This could be overwhelming for IT managers because they'll have to navigate what to patch and which to patch first."

Microsoft has yet to release a patch for one other publicly known flaw, one affecting the Internet Explorer browser 7 that is part of its Windows operating system. The company intends to roll out Windows Internet Explorer 7 later this month, with the browser update planned to be delivered shortly thereafter via Windows Update and Automatic Update.