Security firms urge Microsoft users to patch up

Security firms are urging Microsoft users to patch their systems against the 23 security vulnerabilities disclosed by the software firm yesterday.

McAfee said it has reviewed Microsoft’s security bulletin and recommends that users confirm the Microsoft product versioning outlined in the bulletins and update as recommended.

Microsoft’s 12 security bulletins cover a total of 23 vulnerabilities – 15 of which are rated 'critical' due to their potential for remote code execution. Ten of the bulletins affect Microsoft Windows, while the remaining two bulletins pertain to Microsoft Office. The MS06-040 Vulnerability in Server Service is a worm candidate since it is remotely exploitable and does not require user interaction.

"Today Microsoft has patched 23 vulnerabilities, the highest number since their monthly patch program started," said Monty Ijzerman, senior manager of the Global Threat Group for McAfee Avert Labs.

"Eleven of the patched vulnerabilities were already publicly known or exploited in the wild. One of them, the Server Service vulnerability, can be remotely exploited without the need for any action on the victim's side, thus making it a worm candidate."

The Microsoft August security bulletin can be viewed here.