Expect 13 Windows patches, some critical

Microsoft will release patches Tuesday to fix critical security holes in Windows Media Player, MSN Messenger, Microsoft Office and Visual Studio.

IT administrators should plan for a very busy Patch Tuesday.

Microsoft said on its TechNet site that it expects to issue 13 security bulletins Tuesday, some of them for critical security holes in Windows Media Player, MSN Messenger, Microsoft Office and Visual Studio.

The software giant won't reveal full details of vulnerabilities to be patched until Tuesday afternoon. But Thursday it revealed that its patch release will address:

  • "Moderate" security holes affecting SharePoint Services and Office;
  • "Important" vulnerabilities in the .NET Framework;
  • One or more "critical" vulnerabilities affecting Microsoft Office and Visual Studio; and
  • One or more "critical" flaws in Windows, Windows Media Player and MSN Messenger.

Several media reports in the past month have mentioned vulnerabilities in Media Player. And Thursday several antivirus firms reported the appearance of two pieces of malicious code targeting MSN Messenger.

More on Microsoft and patching

Can we sue Microsoft for writing years of horrible code and for causing many of the today's infosec headaches?


Do you think that Microsoft is improving its patch management service as a part of their Trustworthy Computing Initiative?

PandaLabs of Glendale, Calif., was among those issuing an alert for Bropia-E and Gaobot-CTX, which displays a photo of a roast chicken with a bikini tan in its messages.

Bropia-E uses MSN Messenger to spread, disguising itself as an image file with a variable name "taken from a long list of options and a .pif or .scr extension," PandaLabs said. Examples include "bedroom-thongs.pif," "LMAO.pif" or "LOL.scr."

If the user runs the file, the sinister code sends itself out to all the contacts in MSN Messenger and creates various files on the computer, including one called "winhost.exe," which contains Gaobot-CTX.

Gaobot-CTX carries out the actions that pose the biggest threat to the computer, connecting to IRC channels and waiting for commands from a remote user, PandaLabs said. This allows the attacker to download "all kinds of files to the affected computer: spyware, adware, other viruses, etc."

Dig deeper on Windows Security: Alerts, Updates and Best Practices

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close