Microsoft Fixes Windows Critical Vulnerabilities

On September 8, 2009, Microsoft issued a batch of patches in order to address a minimum of seven documented worm holes in Windows.

The most severe of the flaws addressed could result in remote code execution as well as complete system takeover attacks. However, the lot of patches issued in September does not deal with FTP in IIS vulnerability which is aggressively being exploited at present.

Microsoft issued five important security patches to fix eight flaws in Windows, one of which is in the JavaScript engine that goes along with every supported version of Window's operating system.

The other defects lie in a couple of Windows Media Player file formats and in Windows' execution of TCP/IP, the Web's default collection of connection protocols. Moreover, automatic-configuration service of Windows' wireless network also embraces the vulnerabilities.

Andrew Storms, director of security operations at nCircle Network Security, said that three of the updates - MS09-045, MS09-046 and MS09-047 - are well classified as Internet Explorer (IE) issues, as the hackers will make the most out of the updates' 4 bugs by means of IE. Storms claimed them as the major problem of the month. This is because they affect the Internet Explorer when the users generally surf over the net on computer.

In the meantime, according to Ben Greenbaum, Research Manager at Symantec Security Response, the two bugs most likely to be exploited by criminals include the way in which Windows handles ASF and MP3 files, reported CNET NEWS on September 8, 2009.

Ben also said that similar exploits have been observed in past, wherein users would just have to visit an infected website hosting a malicious file that could be an MP3, WMV and WMA files, thereby getting infected.

McAfee Avert Labs added that especially two of the vulnerabilities relate to critical flaws in the networking components of Window Server 2008, Window Vista, and Windows Server 2003. These flaws allowed malicious program to propagate from one PC to the other.

Dave Marcus, Director of security research and communications, McAfee Avert Labs, said in a statement that these flaws are most likely to be abused by malicious code and are two of the best worms that have emerged since Conficker.

Related article: Microsoft Patches Live OneCare to Tackle Quarantined E-Mails

» SPAMfighter News - 9/30/2009