Blogging about Windows Networking and IT Administration
 Thursday, December 27, 2007

To end a busy week where Microsoft scrambled to respond to complaints about a faulty patch for Internet Explorer, the software giant said Friday it released an automated workaround to solve the glitch.

Security experts have mixed feelings about the workaround. On one hand, they commend the speedy remedy issued by Redmond, which IT pros hope will keep them from getting locked out of IE after a reinstall. Conversely, some wonder why a whole new patch wasn't issued to correct what happened last week to those who installed the cumulative fix for the application included in the December patch rollout.

According to Microsoft Security Response spokesman Bill Sisk, the fix mostly revolves around Windows XP Service Pack 2 (SP2) and the accompanying IE version 6, even though Security Bulletin MS07-069 was an all-encompassing update for all versions of the browser.

The latest workaround, released two days after Microsoft issued a manual workaround, requires users to change Windows Registry settings. This means essentially tweaking the master directory for the operating system that contains configuration information for all the hardware, OS software and related applications. For instance, when a user updates the control panel, system files or installed software, the changes are replicated and stored in the registry.

As of Friday, Redmond said it still has not ruled out issuing a hotfix to ensure that security administrators have no problems implementing the workaround.

Paul Zimski, senior director of market strategy at Lumension Security, a Scottsdale, Ariz.-based consultancy that makes PatchLink, said the issue is large scale because IE 6, the browser edition most prominently affected by the problem, is also the most popular and most widely used version of the OS-based Web application. In that vein, he cautioned that the workaround is only temporary.

Given the fact that enterprise technologists sometimes just install patches and jump right back into production without testing -- because that's what they do every month -- Zimski said it's important for security administrators to evaluate immediate needs, which may or may not include installing a patch right away.

"Anytime you get involved with patching, you're dealing with potential pitfalls," added Zimski. "And when vendors such as Microsoft are up against tight deadlines, things can be missed even though patches are usually pretty safe."

Thursday, December 27, 2007 11:17:30 PM (Pacific Standard Time, UTC-08:00)
Internet Explorer | Security
 Monday, October 22, 2007

The Windows Automatic Update brouhaha that arose last month and erupted again this week is not so much a problem with the program itself but perhaps a patch management and change control issue, observers say.

"This is really a cue, if you're an admin, to look at control over configurations of AU as well as user access rights," said Gil Kirkpatrick, chief technical officer of Phoenix, Ariz.-based NetPro, a Windows security and infrastructure consultancy. "It appears that if this is something that happened to specific users, it should have been audited beforehand or known beforehand."

The controversy has its roots in complaints from a recent discussion thread on AeroXperience.com -- a Windows enthusiast portal -- where it was revealed that some users had configured Windows Update to download but not install updates. These users discovered that their machines had rebooted overnight after installing updates automatically, causing some to lose critical application data. Further, the users reported that the Windows Update configuration had somehow reverted to the "install automatically" setting.

Microsoft this week denied any wrongdoing, stating in a blog entry that a detailed inspection of customer logs found that none of the patches doled out during this month's Patch Tuesday release "have made any changes to users' AU settings."

That wasn't the case last month, as Redmond conceded that it had silently updated the Windows Update apparatus in various OS versions without alerting customers.

As for this week's events, Microsoft suggested that components outside of Windows Update may be responsible for the changes, which is puzzling to some since Microsoft has just about cornered the market in terms of update programs for a Windows environment. In August, Microsoft's legal department even went so far as to contact independent vendors such as AutoPatcher.com and order them to stop developing mechanisms to help in updating Windows programs and applications.

"In this week's case it may very well be a foreign application that's causing this but to say Microsoft's absolutely not at fault would be simplistic," said Garret Grajek, founder and chief operating officer of Irvine, Calif.-based IT security firm Multi-Factor Authentication, Inc. "The AU has a great impact about how programs on the OS are allowed to run and I'm concerned not just for my customers but about how my product might be affected by such unwanted updates."

Overall, servers running Windows in a complex processing environment might find it more expedient to use AU, but as NetPro's Kirkpatrick points out, regardless of what Microsoft finds in subsequent investigations about AU, IT pros on the ground need to be thorough.

Grajek agreed, noting that enterprises usually take special precautions with update verifications during gestation periods for new programs and applications at the server level. He suggests that maybe it's time to go deeper and apply the same approach with OSes, hardware and workstations.

"When you look at companies that do regression testing at the server level, you kind of think that enterprises may need to look at how to do the same thing on the client side," Grajek said. "This would put that extra assurance in place and prevent something like this from happening."
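Kirkpatrick's advice above is to audit the Automatic Updates configuration rather than assume it. The following PowerShell check is an added example (not from the original post or from NetPro) that reads the AU setting from the local registry and reports drift from an expected baseline; the baseline value of 3 ("download but do not install", the setting the affected users had chosen) is an assumption chosen to match the incident described, and the key paths and AUOptions meanings are the standard Windows ones.

```powershell
# Added example: audit the local Automatic Updates (AU) setting against a baseline
# and flag drift, e.g. a machine that silently moved to "install automatically".
# AUOptions meanings (standard Windows values):
#   2 = notify before download, 3 = auto download / notify before install,
#   4 = auto download and schedule install, 5 = local admin chooses.

$ExpectedAUOptions = 3   # assumed baseline: "download but do not install"

$AUOptionMeaning = @{
    2 = 'Notify before download'
    3 = 'Auto download, notify before install'
    4 = 'Auto download and schedule install'
    5 = 'Local admin chooses'
}

function Get-AUConfiguration {
    # Group Policy settings take precedence over the per-machine default when present.
    $policyKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
    $defaultKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update'

    foreach ($key in @($policyKey, $defaultKey)) {
        if (Test-Path $key) {
            $props = Get-ItemProperty -Path $key
            if ($null -ne $props.AUOptions) {
                return New-Object PSObject -Property @{
                    Source    = $key
                    AUOptions = [int]$props.AUOptions
                }
            }
        }
    }
    return $null   # neither key defines AUOptions
}

function Test-AUDrift {
    param([int]$Expected)
    $current = Get-AUConfiguration
    if ($null -eq $current) {
        Write-Warning 'AUOptions not found under policy or default keys; AU may be unconfigured.'
        return $false
    }
    $meaning = $AUOptionMeaning[$current.AUOptions]
    if ($current.AUOptions -ne $Expected) {
        # Drift: the effective setting no longer matches what the admin configured.
        Write-Warning ("AU drift on {0}: found {1} ({2}), expected {3} ({4}) [source: {5}]" -f `
            $env:COMPUTERNAME, $current.AUOptions, $meaning, $Expected, $AUOptionMeaning[$Expected], $current.Source)
        return $false
    }
    Write-Host ("AU configuration matches baseline: {0} ({1})" -f $current.AUOptions, $meaning)
    return $true
}

Test-AUDrift -Expected $ExpectedAUOptions
```

Run it on a schedule (or push it through the same change-control process used for server patches) so that a reverted AU setting is caught before the next Patch Tuesday reboots machines unexpectedly.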

Monday, October 22, 2007 7:36:15 PM (Pacific Standard Time, UTC-08:00)
Security
 Sunday, October 14, 2007

Trend Micro has released its 2008 Internet security suite, comprising three separate offerings aimed at various levels of Internet usage.

The AntiVirus plus AntiSpyware, and the PC-cillin Internet Security products are updated versions for 2008, with Internet Security Pro making its debut this year.

The Antivirus plus AntiSpyware version, costing $49.95, is the most basic offering and is aimed at casual Internet users. New features include proactive intrusion blocking capabilities to prevent changes to operating systems and critical software, an enhanced software history cleaner, and improved browser and cookie management.

At $99.95 the Internet Security product is a step up from the AntiVirus plus AntiSpyware edition, and according to David Peterson, Trend's consumer segment director for Australia and New Zealand, this version is about "getting back to what we were doing so well in the past".

Internet Security 2008 includes antivirus and spyware protection, a firewall, fraud defense against phishing scams, wireless and home network control and monitoring and parental controls. It is geared towards users who spend a considerable amount of time online, with a focus on protection from identity theft and personal or sensitive information theft.

New features include enhanced Web site behavior monitoring, the ability to detect and block image spam and customizable security warnings and security activity reports.

Ross Wilson, Trend Micro's managing director for consumer products and services, says that the days when viruses presented the greatest threat to Internet users are over.

"Viruses are an old hat," he explains.

"Threats have changed, malware is not what it used to be.... The very nature of the threat has changed. A lot of it now is driven by organized crime."

"Now it's about identity theft, and the theft of sensitive information in order to make money."

Trend's Internet Security Pro edition is accordingly targeted towards users who bank, shop, invest, use Wi-Fi and trade sensitive information online on a regular basis.

Internet Security Pro boasts all the features of the two lower versions, as well as several unique functions such as: keystroke encryption to prevent keystroke loggers from stealing data; the ability to validate the credibility of wireless hotspots and Wi-Fi networks; a remote file lock to secure folders and files in case of computer theft; and a system tuner to clean up the registry, temp files and startup behavior.

Peterson says the Pro product was originally conceived for high end users, but is now aimed at virtually anyone using the Internet to transmit sensitive data and information on a regular basis.

"Trend Micro 2008 products have been designed for people who extensively use their computers to conduct various activities online, whether they are at home or away."

The Pro edition costs $129.95, and all three versions protect up to three PCs for one year.

Sunday, October 14, 2007 7:21:41 PM (Pacific Standard Time, UTC-08:00)
Security | Virus
 Tuesday, October 09, 2007

Microsoft rolled out six security bulletins on its "Patch Tuesday" today, one fewer than expected.

There are four "Critical" patches, which are all new fixes in the respect that they weren't previously known by the public. Further, instead of three, there are now just two patches that Redmond deemed "important."

One important patch mentioned in the advance notice but dropped from the release would have dealt with potential spoofing attacks, in which disguised malicious agents could enter the system under false pretenses. Also, one of the "important" patches dealing with denial-of-service (DoS) risks in every OS version should really be labeled "important-plus," meaning slightly less than critical, but far more important than the label indicates.

Eric Schultze, chief security architect at Saint Paul, Minn.-based Shavlik Technologies, says this latest slate of patches validates ongoing concerns about the security integrity of Vista. It also reveals what he calls a "preponderance" of continued vulnerabilities across myriad Windows product offerings to attacks from malicious Web pages.

"I don't think Microsoft is getting the protection they hoped they would have had in Vista and it's starting to show," Schultze said. "We're also continuing to see client-side vulnerabilities coming from potential Internet threats."

The critical patches affect Kodak Image Viewer, Outlook Express and Windows Mail, Internet Explorer and Microsoft Word, respectively. They all have remote code execution (RCE) implications, an ongoing concern that security admins should keep an eye on, Schultze added. Microsoft suggests using the Microsoft Baseline Security Analyzer to discover the threats.

The first critical issue involves Kodak Image Viewer, formerly known as Wang Image Viewer. Attackers could remotely execute code with the use of what Microsoft calls "specifically crafted image files." The fix is critical for both service packs of Windows 2003, as well as Windows 2000 SP4 and XP SP2.

The second critical security update addresses what might happen in Outlook Express and Windows Mail, if a post on a discussion thread, e-mail, article or blog entry sent via Network News Transfer Protocol (NNTP) is either maliciously uploaded or "incorrectly handled and malformed." Microsoft said an attacker could exploit the vulnerability by constructing a specially crafted Web page that could piggyback "newsreader" applications right onto an unsuspecting news server, which is usually installed on internal networks. The patch is especially critical as problems with NNTP can actually cause a security leak in the firewall, eating it away from within.

The third critical patch affects IE going back to version 5. The cumulative IE security tweak remedies three potential vulnerabilities by either refreshing and/or erasing Hypertext Transfer Protocol (HTTP) footprints that could otherwise dump malicious code onto the system. This patch closes a fourth hole by modifying the script errors on HTML pages, effectively sweeping away garbled or potentially malevolent code.

The last critical patch guards against RCE attacks that may occur through "specially crafted" Microsoft Word files. Affected programs include Word 2000 SP3, Word 2003 SP3 and Word 2004 for Mac. Word 2007 isn't affected.

"It's not so much a threat from the Internet that's a problem here but something that could happen internally, as you're not going to open a Word file from someone you don't know," said Schultze. "But you'd be amazed what one could achieve by just putting a document marked 'salaries' on the shared drive. People would open it and there is your entry point right there."

While the four critical patches are serious, out of all the patches released this month, perhaps the most intriguing and far-reaching one deals with DoS attacks. These are attempts to make IT resources unavailable to users, and the flaw affects nearly every OS version.

This "important-plus" patch, as Schultze and others have described it, would keep at bay an anonymous attacker looking to exploit vulnerabilities by sending specially crafted remote procedure calls or remote invocation authentication requests to a computer over the network. Microsoft said an attacker who successfully exploited this vulnerability could cause the computer to stop responding and automatically restart.

"This is something I might patch first, even above the criticals," Schultze said. "This is the most interesting thing this month. If I'm a disgruntled employee I can send packets that would take computers offline and if I take out corporate exchange servers, I can shut workstations down, lock people out and do it again after reboot."

Schultze said this patch is particularly significant as he expects an exploit for this vulnerability to be published within a week.

The last patch of the bunch is a zero-day patch for all versions of SharePoint services. If left vulnerable, an attacker could gain elevated privileges on a machine and run scripts that could compromise anything from a single workstation to the entire network. The patch modifies the validation criteria for URL-encoded requests.

Rounding out the release, Redmond unveiled its monthly update to the Microsoft Windows Malicious Software Removal tool, as well as three non-security, high-priority updates on Microsoft Update and Windows Server Update Services; and one non-security, high-priority update for Windows on Windows Update.

There is a lot to consider this month for IT pros as half of the six bulletins -- two of the critical and one of the important items -- will require restarts. Moreover, although the "important-plus" patch for all OSes is not critical, the risks are.

Tuesday, October 09, 2007 9:43:27 PM (Pacific Standard Time, UTC-08:00)
Patch Management | Security
 Monday, October 08, 2007

Microsoft expects to release seven security patches with four "Critical" and three "Important" bulletins as part of its upcoming Patch Tuesday release.

The critical patches affect Windows Server Service Packs for 2000 and 2003 versions as well as Internet Explorer, versions 5 through 7 and Outlook Express for Windows 2000, 2003 and Windows XP.

The common thread of the four "critical" patches is their remote code execution (RCE) implications, a risk consideration that has been pretty consistent over the last few patch release announcements. Microsoft suggests using Baseline Security Analyzer to flush out any potential bugs or problems.

Meanwhile, the three "important" issues are more varied in nature, with two bulletins affecting almost all Windows OS and server versions, including multiple service pack releases of Windows 2000 and 2003, XP and Vista. A third patch is related to Windows SharePoint Services.

The first important bulletin, given its breadth in affecting every Windows OS program, bears watching. That bulletin pertains to the prospect of denial of service attacks, which are attempts to make IT resources unavailable, locking users out of programs and applications.

The second important item deals with spoofs, also known in the techie world as "masquerade ball" attacks, where a hacker, acting as a user or through a malicious program, passes himself or itself off as another user or program using erroneous data and gains unwarranted Read and/or Write access. This would affect all OSes except XP and Vista.

The last important patch affects all versions of SharePoint services and remedies concerns over potential elevation of privilege attacks, where malicious users can change profile settings, usurp access configurations and gain greater entry into the system than intended.

Of the total seven bulletins, three will require restarts.

As it does most months, Redmond will also release another update to the Microsoft Windows Malicious Software Removal tool and has plans to release three non-security, high-priority updates on Microsoft Update and Windows Server Update Services and one non-security, high-priority update for Windows on Windows Update.

Although things can still change, Thursday's advance notification points to a pretty busy Tuesday.

Monday, October 08, 2007 11:33:58 AM (Pacific Standard Time, UTC-08:00)
Security
Disclaimer
The opinions expressed herein are my own personal opinions and do not represent my employer's view in any way.

© Copyright 2008
Windows Administrator