IE 11 is not supported. For an optimal experience visit our site on another browser.

Microsoft releases six patches for flaws

Microsoft Corp. on Tuesday released six patches to fix software flaws that carry its highest threat rating, including three for defects that attackers were already trying to exploit.
/ Source: The Associated Press

Microsoft Corp. on Tuesday released six patches to fix software flaws that carry its highest threat rating, including three for defects that attackers were already trying to exploit.

(MSNBC.com is a joint venture of Microsoft and NBC Universal News.)

The company said all six of the critical flaws could allow an attacker to obtain some access to other people's computers.

The Redmond software maker also released four other patches to fix vulnerabilities that the company deemed less severe.

Customers can download all the patches for free on Microsoft's security Web site. But the company's recommended method — setting computers to automatically download such fixes — wasn't working Tuesday. Microsoft said the problem was with the automated update system itself, rather than the security fixes, and that it hoped to have it fixed by the end of the day.

Microsoft said last month that it knew attackers were already trying to take advantage of defects in its Windows operating system, Microsoft Word software and PowerPoint presentation program.

Christopher Budd, a program manager with the Microsoft Security Resource Center, said that the company had seen limited attacks exploiting the flaws, but were nevertheless recommending that users apply those and other patches immediately.

Such vulnerabilities are rare. In most cases, security experts quietly provide Microsoft evidence of a security flaw, allowing the company to fix the problem in secret and release a patch before attackers can take advantage of it.

But recently, the company has been hit with a number of so-called "zero-day" attacks, in which flaws are targeted before Microsoft is aware of them or can release patches.

Such attacks have prompted some security researchers to release their own interim fixes. Microsoft also has occasionally taken the unusual step of releasing patches outside of its normal monthly fix schedule, so users can be safeguarded more quickly.

Budd said Microsoft isn't seeing any specific pattern to the burst of zero-day attacks. But he said the company is seeing more focus on attackers trying to infiltrate computers through applications — such as Word or PowerPoint — rather than the Windows operating system.

Microsoft software is a constant target of Internet attackers, in part because the company's products are so widely used.

Microsoft has yet to release a patch for one other publicly known flaw _ one affecting the Internet Explorer browser that is part of its Windows operating system. Budd said the company was seeing very few attacks as a result of the flaw.