Microsoft Issues Two Security Patches in November
Microsoft released two security patches in its monthly update on November 13, 2007, one of which fixes a serious bug in all editions of Windows Server 2003 and Windows XP.
The first patch is described in Microsoft Security Bulletin MS07-061 and addresses a vulnerability in the way the Windows shell handles URI (Uniform Resource Identifier) strings. Exploiting this flaw allows execution of arbitrary code on the affected system.
Microsoft first acknowledged the flaw on October 10, 2007, although it had been known since July 2007, when security company Secunia published the vulnerability in a security advisory.
Microsoft has rated this security fix "critical", the company's most urgent rating. Attackers could exploit the flaw through Internet Explorer 7 and possibly other applications as well. The result could be complete compromise of a user's PC, which could then be used for various nefarious activities such as sending spam or stealing passwords.
Ben Greenbaum, Senior Research Manager of Symantec Security Response, said the prevalence of attacks using this bug had increased over the six months from June 2007 to November 2007 and that the software giant had responded appropriately with a patch. RCPMAG reported this in a news item on November 13, 2007.
Greenbaum explained that the endpoint on the client side has always posed some security challenges, but this particular endpoint presents challenges of numerous and varied categories. Greenbaum hopes the patch will give hackers fewer opportunities to install their code, given that there is no dearth of vectors, although that makes identification and correction more difficult.
The other patch, which Microsoft has rated "important", the second-highest rating on its severity scale, applies to computers running Windows 2000 Server and Windows Server 2003, including all versions. The vulnerability can be exploited to divert Internet traffic away from genuine websites to counterfeit ones.
The fix is in Microsoft Security Bulletin MS07-062, which describes a security hole in Windows DNS Servers that, when exploited, could allow DNS spoofing and thus divert traffic from genuine sites.
» SPAMfighter News - 27-11-2007