Today, Microsoft announced patches for several product vulnerabilities. Below is information on the vulnerabilities that
Symantec rates as most critical. Many of the vulnerabilities pose serious risks to users, which could include loss of
confidential data and the ability to create new accounts.
Symantec strongly advises users to install all security patches as soon as possible. In addition, users and network
administrators should be keeping all antivirus definitions up-to-date and using appropriate firewall settings.
“Applying the security patches for these vulnerabilities is critical,” said Oliver Friedrichs, senior manager, Symantec
Security Response.
“In the latest Internet Security Threat Report released on September 20, Symantec reported that the time to patch
vulnerable systems is very short. Between Jan. 1 and June 30, 2004, the average time between then announcement of a
vulnerability and the appearance of associated exploit code was 5.8 days.”
Symantec Security Response has also increased the DeepSight ThreatCon from a level one to a level two.
Information regarding all of the patches issued today by Microsoft can be found at http://www.microsoft.com/technet/security/bulletin/ms04-oct.mspx.