Scrutinizing Windows Patches

Analysis: eWEEK Labs takes a close look at 12 recent security patches from Microsoft to see how they'll affect system operation and application distribution.

On the last Patch Tuesday, Aug. 8, Microsoft released 12 security bulletins. Chief among the patches was a fix for PowerPoint, plugging a vulnerability that would allow an attacker to take complete control of a users system.

eWEEK Labs is taking a close look at all these patches to see how theyll affect system operation and application distribution. We paid special attention to the PowerPoint patch, which was downloaded automatically to a server in our labs via Windows Server Update Services. We applied the patch, described in Microsoft Security Bulletin MS06-048, to several desktop systems running affected versions of PowerPoint.

The patch was relatively simple to deploy using standard patch management tools. After a mandatory reboot of the systems so that the patch could take effect, we saw no sign that the patched iterations of PowerPoint were any different from the prepatched versions (aside from a change to the applications version number).

For complete coverage of the security bulletins, which address 23 vulnerabilities, read "Microsoft Fixes a Dozen Security Flaws, Nine Critical."

IT managers should make the application of the PowerPoint patch a priority for any system on which an end user has administrator rights. A compromised system could allow an attacker to install software, view and delete data, and create new user accounts.


Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzers Weblog.