Microsoft plugs critical Windows holes
Microsoft today released eight security patches, three of which are rated 'critical', the firm's highest severity rating which indicates that a system can be remotely hacked without requiring any user interaction. In addition to the critical flaws, the Redmond company unveiled four fixes rated 'important' and two rated 'moderate'. Except for one patch isued for both Exchange and Windows, all fixes affect the Windows operating system. The critical patches affect DirectX versions 7 through 8.1, Internet Explorer 5.01 through 6 and the MSDTC and Com+ components of Windows XP, Windows 2000 and Windows 2003. DirectX is a tool that helps a computer display images. The reported flaw allows a hacker to gain control over system if the user opens a specially crafted .avi video file. It could be exploited by having a user follow a link that is sent in an email message. The Internet Explorer vulnerability left the application open to a buffer overflow which caused the application to unexpectedly quit and allowed the attacker to execute arbitrary code. Virus researcher Ero Carrera with security provider F-Secure warned that the three critical holes "might end up being used with malicious intent against unpatched systems." After Microsoft released a patch for a critical flaw in August, hackers needed only a few days to create malware that exploited the vulnerability. The subsequent worm outbreak wreaked havoc across the internet and affected several corporations. Authorities succeeded in tracking down the culprits who are currently being held in Turkish and Moroccan jails. While the updates repair some problems in the Microsoft software, many security vulnerabilities remain unfixed. Security website Secunia reports 69 security advisories for Internet Explorer 6 alone. Of those 29 per cent remain unpatched while 13 per cent have been repaired only partially, the security group warned.
Reproduced from an article published by vnunet.com
© vnunet.com
The original article can be viewed here:
http://www.vnunet.com/vnunet/news/2143650/microsoft-plugs-critical-holes
Permalink Bookmark Digg this story
