Microsoft’s Security Updates Patch Nine Vulnerabilities
On July 14, 2009, Microsoft issued six security updates as part of its monthly Patch Tuesday release, addressing a total of nine vulnerabilities. Of these, three updates address critical vulnerabilities, including two previously unpatched zero-day flaws.
Of the 6 updates, 3 patch flaws in Windows, while the rest patch holes in ISA (Internet Security and Acceleration Server), Microsoft's virtualization application, and Publisher.
Further, 3 other updates cover significant risks that, according to security researchers, could quickly rise to a "critical" state. Microsoft rated 6 of the 9 vulnerabilities as "critical," the company's top rating within its four-stage grading, and 3 as "important," the second-lowest grade.
The software giant also released fixes for a flaw in its Video ActiveX Control as well as a flaw in Windows' DirectShow. Attackers are currently exploiting both flaws to install malicious software on computers when users visit specific websites that are either malicious or compromised.
In May 2009, Microsoft admitted that hackers had been exploiting the flaw in DirectShow, a component of the DirectX image platform of Windows. During the second week of July 2009, it acknowledged the presence of another flaw affecting an ActiveX Control for video streaming used by IE. Microsoft admitted that it had been aware of this flaw for the last 18 months but hadn't developed a patch.
In the meantime, Qualys CTO Wolfgang Kandek said that it was important to address Microsoft's advisories immediately, as the flaws they cover allow a hacker to wholly compromise a victim's PC.
ISA 2006, Microsoft's proxy server, is affected by an "important" vulnerability that allows unauthorized users to control the server from a remote location. Thus, a hacker who knows the administrator's username could effectively compromise the server. Kandek further said that since administrator usernames are often easy to guess, this vulnerability should be given special attention by IT organizations that use ISA together with the RADIUS setting.
Additionally, Microsoft issued a fix, MS09-033, rated "important," for a vulnerability in its virtualization products, Virtual Server and Virtual PC (VPC), blocking escalation of privileges within the guest OS.
» SPAMfighter News - 8/4/2009