Microsoft has released patches for six flaws in Windows and Internet Explorer, some of which could allow an attacker to gain control of a computer system. The patches, which include a fix for a newly discovered flaw in Microsoft's Plug-and-Play software, were released Tuesday and comprise Microsoft's regular patch releases for August.
Three of the six vulnerabilities have been rated as "critical" by Microsoft, meaning that they could theoretically be taken advantage of to gain control of a computer without any action by the user. These three critical bugs concern the Windows Plug-and-Play system and Print Spooler software, as well as Internet Explorer's (IE's) image rendering software, the company said in a statement.
The other three patches cover less serious problems in the Windows Telephony Service, Remote Desktop Protocol and in the Windows implementation of the Kerberos authentication protocol.
Microsoft credits security vendor Internet Security Systems (ISS) with discovering the Plug-and-Play vulnerability, which was publicly disclosed Tuesday. Plug-and-Play is the standard technology that Windows uses to automatically configure peripheral devices.
No exploits for the flaw have yet been made public and it is of serious concern only to Windows 2000 users, said Neel Mehta, team leader of ISS's X-Force research team. But because attackers can easily take advantage of this bug to seize control of a Windows 2000 system, Mehta believes it will soon be exploited.
Windows XP users could technically be vulnerable to the Plug-and-Play bug as well, but they would have to alter their Windows Registry file for this to happen, Mehta said. "I think it would be very unlikely if you were in XP to be vulnerable."
Though more difficult for hackers to exploit, the Print Spooler vulnerability does affect Windows XP users and should also be considered critical, Mehta said. "I do expect to see exploits for Plug-and-Play and Print Spooler in about a week," he said. "We haven't seen issues this heavily exploitable in a while, so they will be heavily targeted by hackers."
The Internet Explorer patch concerns the way Microsoft's browser renders JPEG images, and it fixes the latest in a series of vulnerabilities related to the browser's image-rendering capabilities.