CDRInfo Forum CDRInfo Forum

Forums  Register  Login  My Profile  Inbox  Address Book  My Subscription  My Forums 

Photo Gallery  Member List  Search  Calendars  FAQ  Ticket List  Log Out

Microsoft Patches Critical Bugs In Internet Explorer   Logged in as: Guest
Viewers: 536 You can click here to see Today's Posts | Most Active Topics | Posts Since Last Visit
  Printable Version
All Forums >> [News Around The Web] >> Microsoft News >> Microsoft Patches Critical Bugs In Internet Explorer Page: [1]
Message << Older Topic   Newer Topic >>
Microsoft Patches Critical Bugs In Internet Explorer - 12/13/2005 7:35:12 PM   

Posts: 1011
Joined: 8/4/2003
From: Ontario - Canada
Status: offline
Microsoft releases two security bulletins that patch four vulnerabilities in IE -- including the zero-day bug--and one in Windows 2000.

Microsoft on Tuesday released two security bulletins that patched four vulnerabilities its Internet Explorer browser and one in its Windows 2000 operating system. Two of the vulnerabilities were tagged by Microsoft as "critical."
As expected, one of the four fixes for IE is a patch for the zero-day vulnerability acknowledged by Microsoft in late November.

Microsoft's first bulletin, MS050-054, fixes four separate bugs in Internet Explorer, two of them marked with Microsoft's most serious label, critical.

Those two relate to IE's problem handling malicious COM objects and a more recent issue that's emerged with active scripting. Attackers exploiting the problems can grab control of a PC remotely, then do whatever they want with the compromised machine.

The other two flaws fixed Tuesday in IE were marked "moderate" by Microsoft.

All four issues affect virtually every version of IE still supported, including IE 5.0, 5.5, and 6.0. Even the more secure IE 6.0 running under Windows XP SP2 is vulnerable.

Some of the bugs rely on social engineering tricks -- one vulnerability lies in the how IE displays file download boxes -- but all require that users be duped into visiting malicious Web sites where exploits were waiting in ambush.

Two of the four bugs were previously unreported, but two were known by attackers, and one -- the vulnerability in active scripting -- was already being exploited. That situation, a so-called "zero-day" event where an active exploit beats a patch to the punch, is the most serious of security scenarios.

"That's the one everyone will be asking about today," said Steve Manzuik, the security product manager for eEye Digital Security's research group.

Earlier, Microsoft had issued an advisory about the zero-day bug, and also urged users to scan their systems using Microsoft's Windows Live Safety Center.

The second bulletin, numbered MS05-055, was credited to eEye. Although it's marked as "important," one step below "critical" on Microsoft's four-level warning system, eEye's Manzuik argued that it posed a risk almost as great as the Internet Explorer flaws.

"By itself [MS05-055] is only a local escalation of privileges, but if it's combined with something else, a worm or Trojan that leverages another IE vulnerability, it would give the attack system-level access," said Manzuik.

The patch fixes the vulnerability in Windows 2000's processing of asynchronous procedure calls within the kernel. eEye's alert notes that the bug also exists in Windows NT 4.0; Microsoft discontinued all but custom support for that operating system late last year.

Users can obtain the month's patches via Windows' Automatic Update, from the Microsoft Update service, or through other software and services the company maintains, such as Windows Server Update Services (WSUS) or Software Update Services (SUS).

Source : Techweb
Post #: 1
RE: Microsoft Patches Critical Bugs In Internet Explorer - 12/14/2005 2:02:34 AM   

Posts: 387
Joined: 6/28/2005
From: Holon, Israel
Status: offline
how can I get those updates ?
the security fixes and such for XP and IE ?
I dont seem to get them :(

(in reply to WinThusiast)
Post #: 2
RE: Microsoft Patches Critical Bugs In Internet Explorer - 12/14/2005 4:50:02 AM   

Posts: 5743
Joined: 4/11/2002
From: Retired Moderator
Status: offline
Nothing wrong with WinXP.

Go to the windows update site.


LG GSA H22L Firm 1.02
Samsung SH-203N Firm SB01
LiteOn SOHD-16P9S Firm FS0D

(in reply to major9686)
Post #: 3
Page:   [1]
All Forums >> [News Around The Web] >> Microsoft News >> Microsoft Patches Critical Bugs In Internet Explorer Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts

Forum Software © ASPPlayground.NET Advanced Edition 2.4.5 ANSI