Microsoft Fixes Critical Flaws In Windows
Microsoft, on February 9, 2010, issued 13 security bulletins containing patches that address 26 flaws affecting Windows as well as Office programs. The company also urged customers to be especially careful with certain vulnerabilities that malware peddlers could exploit without difficulty.
Of the total security fixes, Microsoft rated 5 as 'critical,' 7 as 'important' (a slightly lower ranking on the severity scale), and 1 as 'moderate.'
The company's researchers state that users seeking to patch their computers must pay the greatest attention to a critical flaw within DirectShow, a programming interface and framework for multimedia applications. Hackers may infect computers with malware via a malicious AVI file hosted on a compromised website. So, if users can be lured to access this website through a deceptive link provided in an IM message or an e-mail that uses a social engineering tactic, then the attackers' purpose will be served.
Another critical vulnerability, found in the Windows Shell Handler, can let hackers execute commands through a specially crafted website. These commands, including placing a Trojan, can be executed on vulnerable computers running Windows XP, Server 2003, and 2000. Microsoft states that nobody has yet publicly exploited the vulnerability. Despite that, the company assigns a critical exploitability rating to the patch, implying that attacks can occur via the underlying flaw.
In the meantime, researchers further state that the MS10-009 patch addresses a few of the highly severe flaws within the Windows TCP/IP stack. These flaws can be exploited to execute malicious code after transmitting infections to a PC that has IPv6 enabled. Subsequently, the PC can be crashed and its user's identification and financial credentials stolen.
Hence, Microsoft advises administrators to begin their patching with the 5 critical fixes. Although the other patches have been considered merely 'important,' Microsoft says that all end-users with vulnerable systems must update fast, as attackers have frequently targeted file-based security flaws during 2009.
Additionally, Microsoft advises that users should document the fixes that aren't deployed immediately, as a reminder that they must be deployed later. The documentation will also help in conducting security audits.
» SPAMfighter News - 18-02-2010