An Unusually Hefty Patch Tuesday for Microsoft
With about half a dozen security bulletins fixing issues external to the OS, Microsoft's "Patch Tuesday" this month is unusually hefty. All the OS-related vulnerabilities are confined to the Windows 2000 and Windows XP operating systems. No security bulletins were issued for Vista, however.
Microsoft, with its operating systems running over 95% of PCs worldwide, issued these patches as part of the security bulletin it publishes every month. The 6 alerts were labeled "critical", the most serious of all the ratings the company gives. These vulnerabilities could allow a scammer to completely commandeer a vulnerable PC with little or no action on the user's part.
The fixes in the monthly update include a patch for a critical flaw in Microsoft Windows Vista's Malware Protection Engine. The component authorizes Windows Defender and OneCare security software for the OS.
A scammer could exploit the vulnerability by constructing a specially crafted PDF file. The flaw could potentially enable remote code execution as soon as the file is received by the target machine and scanned by the MS Malware Protection Engine, Microsoft revealed in its security bulletin.
The updates include many that tackle long-standing problems in numerous editions of Microsoft Office, comprising 6 patches for MS Word and 1 each for Excel and PowerPoint.
Dave Marcus of McAfee, in a statement provided to vnunet.com, said that the sudden increase in MS Office exploits carries forward the trend of scammers targeting widely deployed MS business services and applications. Malware writers have been exploiting unpatched and unknown vulnerabilities in established applications and services. The scammers use these vulnerabilities in zero-day attacks.
The company also issued updates correcting 4 vulnerabilities in various versions of Microsoft Internet Explorer. All 4 vulnerabilities were rated "critical". Flaws within Microsoft's Data Access Components were also fixed.
The patch released by the company repairs one issue with a COM object and another with FTP server usage.
Windows users who have activated the software's automatic-update feature will receive the security fixes on their machines with no effort. Users may also download the patches from the company's website.
» SPAMfighter News - 23-02-2007