IT Blogwatch

A Daily Digest of IT Blogs from Richi Jennings

11 Patch Tuesday vulns. (and hirsute coders II)

W00t! It's IT Blogwatch: in which Microsoft fixes a truckload of problems in the final "second Tuesday" of 2007. Not to mention the programmer dress code, part deux...

Gregg Keizer reports:

Microsoft Corp. today ... patched 11 vulnerabilities in Windows, Internet Explorer, Windows Media Player and other parts of the operating system ... seven ... are rated critical -- the highest ranking Microsoft uses -- while the other four are labeled important, the second-highest category in the company's four-step scoring system. [more]

Brian Krebs adds:

December's seven update bundles include fixes for four separate security holes in Internet Explorer 6 and IE7, vulnerabilities that are considered critical for Windows 2000, Windows XP and Windows Vista users ... The IE patch is probably the most important ... as the vulnerabilities it corrects have the potential to affect the largest number of people. [more]

John Leyden motivates:

In all three cases the vulnerabilities addressed by the update create a possible means for miscreants to smuggle malware onto, or otherwise attack, vulnerable Windows boxes. But the IE update deserves special attention since hackers are actively exploiting the bug to attack vulnerable machines. [more]

Microsoft's Tami Gallupe bounces in like Dr. Nick:

Hi Everyone ... I just wanted to let you know that we’ve posted our bulletins for December 2007. We released seven bulletins today: three have a maximum severity of Critical, and four have a maximum severity of Important ... you can find more information at the Security Bulletin ... Happy holidays! [more]

Kaspersky's David Emm sounds depressed and unimpressed:

The use of unpatched vulnerabilities continues to be a significant part of the threat landscape, so it's no surprise that Microsoft has been kept busy this year ... The situation in 2007 hasn't changed noticeably from 2006. Last year there were 49 critical, 23 important, and 5 moderate updates. 2007 brought very slightly fewer patches, with 43 critical, 24 important, and 2 moderate fixes. [more]

And Symantec's Rob Keith even sounds a bit smug:

As well there is an update to ... a previously documented local privilege-escalation vulnerability ... in Macrovision SafeDisc (secdrv.sys) ... This issue was originally detected in October of this year by Elia Florio of Symantec. [more]

Ryan Naraine grumbles:

[It's] a belated fix (MS07-067) for the well known – and under attack — vulnerability ... inexplicably, it took two patch-release cycles for Microsoft to include the fix. [more]

But Cisco's Dave Goddard is supportive:

I have first hand knowledge of the complexity involved in issuing public announcements ... the Microsoft security team does a great job in documenting these issues ... Candidly, I haven't been as impressed by past Cisco responses ... uncoordinated responses from various Cisco organizations often resulted in customer confusion. Well, no more ... I hope you agree this content is a dramatic improvement in Cisco's security event coverage. [more]

Swa Frantzen, as usual, prevaricates, obfuscates, and speaks in riddles:

Multiple vulnerabilities in Internet Explorer allow remote code execution ... PATCH NOW. [more]

And finally...

  • The Programmer Dress Code - Part Deux
    • Jon "Maddog" Hall is Santa's long lost love-child
    • Barbara Liskov's Harry Potter spectacles are amazing
    • Here we see Bill Gates in all of his Hunter S. Thompson glory
    • Ada Lovelace - The first stand-in for Princess Leia
    • Phil Katz looks like he is waiting for someone to start a stopwatch so that he can begin eating his stack of floppy disks

Richi Jennings is an independent analyst/adviser/consultant, specializing in blogging, email, and spam. A 20 year, cross-functional IT veteran, he is also an analyst at Ferris Research. You too can pretend to be Richi's friend on Facebook or LinkedIn, or just use boring old email: blogwatch@richi.co.uk.
