0
Quote
One of the biggest security updates for more than a year is due to released by Microsoft to fix 12 software flaws.
Nine of the updates apply to the Windows operating system and one is deemed critical, a rating reserved for the most serious security problems.
At least one of the loopholes being patched is already being actively exploited by malicious hackers.
Windows users are being urged to download the patches as soon as they become available on Tuesday 13 June.
Support shift
Microsoft issues its security patches on the second Tuesday of every month and June's update will be the biggest for more than a year.
This is because Microsoft is not only tackling security problems but also the fallout of a legal case that the software giant lost.
Microsoft gives advance notice of what is in its security patches to help companies plan how best to install the software and limit the impact on day-to-day business.
While most of the updates apply to Windows, two are for the Office suite of products and one for the Exchange e-mail server software.
One of the security problems being tackled in Office was found in Microsoft's Word software and the virus created to exploit it has been dubbed Backdoor.Ginwui. The virus and loophole were first discovered in mid-May.
The virus travels in an e-mail bearing a Word document that purports to summarise the results of a US-Asia summit.
Legal woes
Another of the updates has come about as a result of a courtroom clash between Microsoft and Eolas over technology in the Internet Explorer browser. The lawsuit ended with a $521m (£283m) judgement against Microsoft.
Microsoft had to re-engineer Internet Explorer to stop a technology known as ActiveX automatically starting when users visit some websites.
Before now, users could choose to apply this change to their browser, but this update makes it mandatory.
At the same time as information about the update was being released, Microsoft mentioned that it will not be able to patch Windows 98 and ME against a loophole discovered in April 2006.
Fixing this bug in the aging software would require a major re-write of the Windows Explorer program used in these old copies of the operating system.
Microsoft is not prepared to undertake this work, given that all support for Windows 98 and ME ends on 11 July 2006.
On its security blog Microsoft wrote: "We strongly recommend that those of you who are still running these older versions of Windows upgrade to a newer, more secure version, such as Windows XP SP2, as soon as possible."
Nine of the updates apply to the Windows operating system and one is deemed critical, a rating reserved for the most serious security problems.
At least one of the loopholes being patched is already being actively exploited by malicious hackers.
Windows users are being urged to download the patches as soon as they become available on Tuesday 13 June.
Support shift
Microsoft issues its security patches on the second Tuesday of every month and June's update will be the biggest for more than a year.
This is because Microsoft is not only tackling security problems but also the fallout of a legal case that the software giant lost.
Microsoft gives advance notice of what is in its security patches to help companies plan how best to install the software and limit the impact on day-to-day business.
While most of the updates apply to Windows, two are for the Office suite of products and one for the Exchange e-mail server software.
One of the security problems being tackled in Office was found in Microsoft's Word software and the virus created to exploit it has been dubbed Backdoor.Ginwui. The virus and loophole were first discovered in mid-May.
The virus travels in an e-mail bearing a Word document that purports to summarise the results of a US-Asia summit.
Legal woes
Another of the updates has come about as a result of a courtroom clash between Microsoft and Eolas over technology in the Internet Explorer browser. The lawsuit ended with a $521m (£283m) judgement against Microsoft.
Microsoft had to re-engineer Internet Explorer to stop a technology known as ActiveX automatically starting when users visit some websites.
Before now, users could choose to apply this change to their browser, but this update makes it mandatory.
At the same time as information about the update was being released, Microsoft mentioned that it will not be able to patch Windows 98 and ME against a loophole discovered in April 2006.
Fixing this bug in the aging software would require a major re-write of the Windows Explorer program used in these old copies of the operating system.
Microsoft is not prepared to undertake this work, given that all support for Windows 98 and ME ends on 11 July 2006.
On its security blog Microsoft wrote: "We strongly recommend that those of you who are still running these older versions of Windows upgrade to a newer, more secure version, such as Windows XP SP2, as soon as possible."
Source: BBC
