Microsoft Released Patches for Nine Security Flaws
On September 14, 2010, Microsoft released nine patches in its September update. The release contained four "critical" bulletins plus five "important" bulletins. Seven of the security bulletins address Remote Code Execution (RCE) risks and two protect against elevation-of-privilege issues.
These nine patches fix holes in Remote Procedure Calls (RPCs) in Windows networks. According to Jason Miller (Data and Security Team Manager at Shavlik Technologies), IT pros should test the fixes before rolling them out, Microsoft Certified Professional Magazine Online reported on September 14, 2010.
Microsoft has given high priority to MS10-061/KB2347290, which patches a print-spool vulnerability. Microsoft states that this vulnerability enables remote code execution if a hacker sends a specially crafted print request to a vulnerable system.
Microsoft issued MS10-062/KB975558 to fix a vulnerability in the MPEG-4 codec that affects supported versions of Windows XP, Windows Server 2003, Windows Vista and Windows Server 2008. As with several media vulnerabilities, the flaw allows remote hackers to run arbitrary code by luring a user into opening a harmful media file or streaming infected media content from a website or application.
The third important bulletin was MS10-063/KB2320113, for the portion of Windows that manages Unicode, which contains a bug that could enable remote code execution. The attacker has to feed the user a document or a Web page with an attached, malformed font.
The fourth and last critical fix was MS10-064/KB2315011, related to the Outlook program. The flaw enables remote code execution when Outlook opens an e-mail while connected to an Exchange server in Online Mode.
Microsoft has also issued five major fixes. These relate to Internet Information Services (IIS), WordPad text converter applications and Active Directory, and the last is for XP and 2003 machines set up to use a Chinese, Japanese, or Korean system locale, whose users are able to elevate their privileges.
Users are advised to apply these fixes if their system is affected by any of these vulnerabilities and to use the latest version of a genuine antivirus product for further safety.
» SPAMfighter News - 25-09-2010