Posted on Wednesday, February 14 2007 @ 17:46 CET by Thomas De Maesschalck
If you're using Windows XP
it may be a wise idea to start the Windows Update feature as Microsoft released 20 new security updates.
The critical vulnerabilities are in Windows, Internet Explorer, Office and in Microsoft security tools such as Windows Live OneCare and Windows Defender. None of the Windows or Office flaws affect Vista or Office 2007, Microsoft's latest updates. However, Windows Defender ships as part of Vista, so the new operating system is at risk from that direction.
Microsoft used its February patch day to clear a backlog of "zero-day" flaws, or security holes that have been publicly disclosed but not fixed. Seven of the 20 vulnerabilities addressed by Tuesday's bulletins were zero-days, and five of those were in Office applications. Microsoft planned to issue patches for the Office zero-day bugs last month, but postponed their delivery.
Most of the Patch Tuesday flaws are only potentially harmful if people with vulnerable PCs visit a malicious Web site or open an infected document. For example, the Microsoft security tools could be compromised when they scan a rigged PDF file, according to the company's advisory.
