Thursday, December 08, 2016
Search
  
Submit your own News for
inclusion in our Site.
Click here...
Breaking News
Apple In Talks With Hollywood For Early Movie Rental
Bluetooth 5 Technology Brings Advancements In Terms Of Range, Speed And Capacity
Global Virtual Reality Association Established To Promote VR
Fitbit Acquired Assets from Pebble
GIGABYTE Announces Xtreme Gaming Peripherals, Including A Gaming Chair
Scythe Releases Improved Mugen 5 CPU Cooler Armed With Kaze Flex 120 Fan
Qualcomm Begins Sampling The 48- Core, 10nm Centriq 2400 Server Processor Family
Could Future Intel Chips Have AMD Graphics Inside?
Active Discussions
Which of these DVD media are the best, most durable?
How to back up a PS2 DL game
Copy a protected DVD?
roxio issues with xp pro
Help make DVDInfoPro better with dvdinfomantis!!!
menu making
Optiarc AD-7260S review
cdrw trouble
 Home > News > General Computing > Microso...
Last 7 Days News : SU MO TU WE TH FR SA All News

Tuesday, November 14, 2006
Microsoft offers patches for seven 'critical' flaws


Microsoft Corp. today released six security bulletins detailing patches for nine separate flaws across several of its products as part of its monthly updates for November.

Seven of the flaws were rated "critical" by the company, while the other two were rated "important."

The most dangerous of the vulnerabilities in this month's batch is a flaw in Microsoft's Workstation Service memory, according to security vendor Symantec Corp. The flaw is remotely executable and allows attackers to potentially take complete control of compromised systems to create new user accounts, install programs and view, modify or delete data.

"A successful exploitation of this vulnerability could result in a complete system compromise," Symantec said in its advisory. "This issue can be exploited by remote anonymous attackers on Windows 2000, Windows XP and possibly Windows Server 2003 systems." Symantec added that a wide variety of component technologies and services are affected by this issue.

A remotely exploitable flaw in Microsoft XML Core Services poses another critical threat to enterprises because it has already been publicly disclosed, said Michael Sutton, security evangelist at Web application security firm SPI Dynamics Inc.

As with the Workstation Service flaw, attackers who successfully exploit this vulnerability could take complete administrative control of systems, Microsoft said in its advisory. Enterprises need to make patching this flaw a top priority because public exploits have already started becoming available, Sutton said.

Also important from an enterprise standpoint is the cumulative update Microsoft issued today to fix three separate remotely exploitable vulnerabilities in Internet Explorer, Sutton said. Two of the flaws addressed in the bulletin -- both involving DirectAnimation ActiveX controls -- have already been publicly disclosed, and exploit code for them has begun circulating, he said. November's security update is smaller than others this year in terms of the overall number of patches announced, according to Mark Allen, data manager at Shavlik Technologies LLC. "But the percentage that are critical and remotely exploitable is still pretty high," he noted. Patches for those are definitely worth deploying as quickly as possible, he said.

All of the flaws addressed by the current set of fixes -- except for the one in Workstation Service -- can be exploited over the Internet, though they require users to either go to malicious Web sites or click on malicious e-mails, Allen said.

The Workstation Service flaw, on the other hand, only requires an attacker to send a specially crafted packet to the network to be exploited, he said. "The potential for exploiting this one is pretty high," he added.


Previous
Next
Samsung Powers up 2.5" HDD Line with 160GB        All News        Intel Ignites Quad-Core Era
Epson and Microsoft Announce a Cross-License of their Patent Holdings     General Computing News      Google Closes YouTube Deal

Source Link Get RSS feed Easy Print E-Mail this Message

Related News
European Commission Approves Acquisition of LinkedIn by Microsoft, Subject to Conditions
Microsoft Is Careful With New Chatbot Zo, Now Available For Testing
Microsoft Offers Grants to Organizations Working to Improve Affordable Internet Access
Microsoft Wants To Bring Something Different in The Smartphone Market
Microsoft's Solitaire Game Now Available On iOS And Android
Microsoft Joins The Linux Foundation, Google Embraces The .NET community
Microsoft Buys 237 Additional Megawatts of Wind Energy
Microsoft Introduces Chat-based Workspace in Office 365
Microsoft Identifies Russia-linked Hackers Exploiting Windows Flaw
Microsoft Researchers Reach Human Parity in Conversational Speech Recognition
Microsoft Cloud Strength Highlights First Quarter Results
Microsoft's Cloud Investments In Europe Hits $3 billion

Most Popular News
 
Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2016 - All rights reserved -
Privacy policy - Contact Us .