Microsoft Patches Five Critical Flaws
After hurriedly releasing a backup patch for the Windows ANI flaws in mid- April, Microsoft patched six more defects (five vital ones), as per its Patch Tuesday communication issued in Crn's April 11, 2007 release.
Four of the security updates released on April 10, 2007 are rated as critical. The flaw could impact the Microsoft Agent ActiveX portion of Microsoft Windows 2000, Windows XP and Windows Server 2003, and let a hacker hijack a computer, stealing private information and inserting malware for future strikes, Symantec's Security Response division's group product manager, Vince Hwang, mentioned in Crn's 11th April, 2007 issue.
"Symantec considers these patches indispensable, as greater chances of abuse through these flaws could endanger variants of Microsoft Windows, and Windows Vista," stated Hwang in Eweek's April 11, 2007 report.
Symantec's professional reported two faults as being "very wormable" since hackers could abuse these server-side bugs remotely without the knowledge of real users.
The latest patches were issued while IT officials were busy checking and setting the patches issued previous week in MS07-017, which handled the glitch the same way as the Windows ANI vulnerabilities, as indicated by April 11, 2007 issue of Searchsecurity.
These crucial defects as per Microsoft were able to infect the system and insert malware; watch, alter, or erase information; or form fresh user accounts with complete privileges.
The five critical defects needing security updates are MS07-018, MS07-019, MS07-020, MS07-021, and MS07-022.
The Roseville, Minn. based Shavlik Technologies LLC's chief security architect, Eric Schultz said that the faults in MS07-018 and MS07-019 are some of most wormable flaws he had seen in a while, as indicated by Searchsecurity's April 11, 2007 edition.
"These strikes could be worked online without involving the user. All XP boxes worldwide are susceptible to the Plug and Play fault. Hackers will be thrilled about them", he averred.
Schultz anticipates abuse code for the five updates to deluge the net soon. However MS07-018 and MS07-01 are those IT officials should fix initially.
"I would right away fix initial two. If the firewall in your XP system isn't working, you may stand to lose control over your computer", Schultz concurred.
Related article: Microsoft Patches Live OneCare to Tackle Quarantined E-Mails
» SPAMfighter News - 17-04-2007