- BlackBerry Storm vs. the iPhone
- 2008 IT industry graveyard
- Top 10 worst uses for Windows
- Economic crisis means double duty for IT pros
- BlackBerry Storm, RIM's first touchscreen device, rolls in
Newsletters | Podcasts | Chats | Opinions | RSS Feeds | This Week In Print | IT Careers | Community | Reports | Downloads | Slideshows | New Data Center
Partner Sites:Application Performance Solutions | App Performance | Networking Solution | SafeGuard Enterprise Solution Center | SOA | Test your Web Filter | Value of WDS
Microsoft released 10 security patches, including three deemed "critical," for bugs in a variety of the company's products. Released Tuesday as part of the company's monthly updates, the critical patches repair flaws in Windows and Internet Explorer that could allow attackers to take complete control of a computer, Microsoft said.
The bug in Internet Explorer could theoretically allow Web pages with malicious code stored in the form of PNG (Portable Network Graphics) graphics files to gain control of a user's system. Microsoft also found a similarly critical bug in the Windows HTML Help system, as well as a flaw in Microsoft's SMB (sever message block) file sharing protocol.
"There is the potential for an attacker to somehow create an automated attack that could result in some sort of virus or worm," said Stephen Toulouse, security program manage with Microsoft's Security Response Center.
All three of the critical flaws were generally unknown before Tuesday, and they affect all supported versions of Windows, Toulouse said. None of the 10 bugs that were reported and patched has yet been exploited by attackers, he added.
Bulletins were also issued for important vulnerabilities in Web Client Service, Outlook Web Access for Exchange Server 5.5, Outlook Express, and Windows Interactive Training.
Moderate vulnerabilities were reported in Microsoft Agent, Telnet Client, and ISA Server 2000, Microsoft said.
Microsoft also re-released three patches, numbered MS05-019, MS02-035 and MS05-004 . Some of these patches were re-released because they had stopped certain applications from running on Windows, Microsoft said.
Though it only merited a moderate rating, the Microsoft Agent bug is serious because it could allow attackers to gain control over pop-up messages on a user's desktop, said Russ Cooper, senior scientist at Cybertrust and editor of the NTBugtraq discussion list.
Agent is user interface software that is often preinstalled on computers in order to generate cartoon-like characters, similar to Microsoft Office's "Clippy" paperclip, which are used in some Web-based help systems.
If exploited, the Agent bug could trick users into downloading malicious code, by intercepting or spoofing the computer's pop-up security warnings, Cooper said. For example, it could turn an Internet Explorer security warning into a message that said, "I have now verified that this is, in fact, your bank," he said.
Rss FeedRss Feed
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Download the white paper.
Applications: taking back control
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
Learn more today.
Comment