Microsoft’s monthly security updates don’t touch Windows 7; give hackers time, researcher says

more images

more images

Microsoft’s monthly security fixes spare Windows 7

SEATTLE — Microsoft’s newest computer operating system has survived its first few weeks on the market without needing any security fixes.

Microsoft Corp. plugged several security holes Tuesday, but none are aimed at Windows 7, which was released Oct. 22.

That’s to be expected, said Ben Greenbaum, a researcher at the antivirus software company Symantec Corp. “Attackers will take more time to figure out ways of breaking into Windows 7,” he said.

Computer users can get the patches through Microsoft’s automatic-update service, or by visiting microsoft.com/security.

One of the fixes Microsoft marked “critical,” its highest severity rating, would thwart an attacker from infecting all the PCs on a local network after gaining access to just one. In other words, even if most people in the office are good at avoiding clicking on unknown links or opening mysterious documents, if one person’s computer is compromised the attacker could take over the rest.

The software maker also fixed flaws in its Excel and Word software that would give an attacker control of a PC if its owner opened a tainted spreadsheet or document.

It also patched problems in several older versions of Windows, including XP and Vista, that would give an attacker who already has control of a computer access to more of its functions.