Wednesday, September 17, 2014
Search
  
Submit your own News for
inclusion in our Site.
Click here...
Breaking News
Sony To Offer Unity For PlayStation To PlayStation Licensed Developers
Blackberry Introduces Elegant Porsche Design P9983 Smartphone
Club 3D Launches 4K Docking Station
Logitech Gives You Control of Your Smart Home with the New Harmony Living Home Lineup
New iPads And OS X Yosemite Announcements Expected Next Month
Opera Max Data-savings App to be Embedded into MediaTek's LTE SoCs
Nero 2015 Supports Burning via Smartphone, WiFi Streaming
PMC Delivers 16-port SAS and SATA Storage Controllers
Active Discussions
Yamaha CRW-F1UX
help questions structure DVDR
Made video, won't play back easily
Questions durability monitor LCD
Questions fungus CD/DVD Media, Some expert engineer in optical media can help me?
CD, DVD and Blu-ray burning for Android in development
IBM supercharges Power servers with graphics chips
Werner Vogels: four cloud computing trends for 2014
 Home > News > General Computing > Microso...
Last 7 Days News : SU MO TU WE TH FR SA All News

Tuesday, November 14, 2006
Microsoft offers patches for seven 'critical' flaws


Microsoft Corp. today released six security bulletins detailing patches for nine separate flaws across several of its products as part of its monthly updates for November.

Seven of the flaws were rated "critical" by the company, while the other two were rated "important."

The most dangerous of the vulnerabilities in this month's batch is a flaw in Microsoft's Workstation Service memory, according to security vendor Symantec Corp. The flaw is remotely executable and allows attackers to potentially take complete control of compromised systems to create new user accounts, install programs and view, modify or delete data.

"A successful exploitation of this vulnerability could result in a complete system compromise," Symantec said in its advisory. "This issue can be exploited by remote anonymous attackers on Windows 2000, Windows XP and possibly Windows Server 2003 systems." Symantec added that a wide variety of component technologies and services are affected by this issue.

A remotely exploitable flaw in Microsoft XML Core Services poses another critical threat to enterprises because it has already been publicly disclosed, said Michael Sutton, security evangelist at Web application security firm SPI Dynamics Inc.

As with the Workstation Service flaw, attackers who successfully exploit this vulnerability could take complete administrative control of systems, Microsoft said in its advisory. Enterprises need to make patching this flaw a top priority because public exploits have already started becoming available, Sutton said.

Also important from an enterprise standpoint is the cumulative update Microsoft issued today to fix three separate remotely exploitable vulnerabilities in Internet Explorer, Sutton said. Two of the flaws addressed in the bulletin -- both involving DirectAnimation ActiveX controls -- have already been publicly disclosed, and exploit code for them has begun circulating, he said. November's security update is smaller than others this year in terms of the overall number of patches announced, according to Mark Allen, data manager at Shavlik Technologies LLC. "But the percentage that are critical and remotely exploitable is still pretty high," he noted. Patches for those are definitely worth deploying as quickly as possible, he said.

All of the flaws addressed by the current set of fixes -- except for the one in Workstation Service -- can be exploited over the Internet, though they require users to either go to malicious Web sites or click on malicious e-mails, Allen said.

The Workstation Service flaw, on the other hand, only requires an attacker to send a specially crafted packet to the network to be exploited, he said. "The potential for exploiting this one is pretty high," he added.


Previous
Next
Samsung Powers up 2.5" HDD Line with 160GB        All News        Intel Ignites Quad-Core Era
Epson and Microsoft Announce a Cross-License of their Patent Holdings     General Computing News      Google Closes YouTube Deal

Source Link Get RSS feed Easy Print E-Mail this Message

Related News
Microsoft Releases New Arc Touch Bluetooth Mouse, PC Accessories
Microsoft To Hold Next-generation Windows Event
Microsoft to Buy Minecraft maker Mojang
Microsoft To Drop The Nokia Branding
Microsoft Azure Media Services Adds Live streaming, Content Protection and Indexing Services
Microsoft Launches Delve For Office 365
Microsoft Updates MSN
China Gives Microsoft Deadline To Respond To Anti-trust Probe
China Probes Microsoft Over Web Browser And Media Player
FCC Filing Hints At a Microsoft Rival To Chromecast
Microsoft to Announce Windows 9 on September Event: report
Samsung, Microsoft Want To End Android Patent Dispute Soon

Most Popular News
 
Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2014 - All rights reserved -
Privacy policy - Contact Us .