Microsoft has issued six security updates, fixing critical bugs in Windows components ranging from Internet Explorer to the Microsoft NetWare client service.
The updates were released Tuesday morning local time as part of Microsoft's monthly cycle of security patches. Five of this month's updates are rated critical by Microsoft, meaning that these bugs could be exploited by attackers to run unauthorized software on a system without user action. Microsoft rates the sixth update, which fixes the NetWare flaw, as "important."
The updates also fix Microsoft's XML parser, the Windows Workstation service, the Microsoft Agent and the Macromedia Flash Player that is distributed with the operating system.
In total, nine security flaws are patched in the six updates, said Mark Griesi, a security program manager with Microsoft.
Many of the flaws could be exploited by attackers who planted malicious code on Web servers and then tricked victims into visiting these sites.
For example, the Macromedia Flash, Microsoft Agent, and Internet Explorer bugs fall into this category, Griesi said. "The attack vector on all of these is the same," he said.
According to Symantec, the most critical of the updates is the Workstation service patch. "This issue can be exploited by remote anonymous attackers on Windows 2000, Windows XP and possibly Windows Server 2003 systems," Symantec said in a statement. "A wide variety of component technologies and services are impacted by this issue which has potential for a worm-style attack."
Griesi said that he did not believe that a widespread worm attack based on this vulnerability was likely.
Attackers would be able to exploit the vulnerability remotely on a Windows 2000 Service Pack 4 system, according to Microsoft's Web site. But on an XP Service Pack 2 machine, attackers would first need to have administrator privileges on the machine. The vulnerability does not affect Microsoft's server operating systems.
The Internet Explorer update is important, because unlike many of the other services being patched this month, Internet Explorer can easily be targeted by attack code placed on a Web site, said Roger Thompson, co-founder and CTO with Exploit Prevention Labs. "I think IE is always the most critical," he said via instant message.