Article

Microsoft to repair critical Windows, Internet Explorer flaws

SearchSecurity.com Staff

Microsoft plans to issue three critical updates as part of its monthly batch of patches scheduled to be released on Tuesday.

The software giant said in its Patch Tuesday advance bulletin that the updates will address flaws in Microsoft Windows, Windows Server and Internet Explorer. The vulnerabilities could be exploited by attackers remotely to run malicious code and gain access to a victim's machine.

    Requires Free Membership to View

    Login

Microsoft critical updates:
Microsoft releases Windows XP SP3 with NAP, security updates: Service Pack 3 for Windows XP includes Network Access Protection (NAP) capabilities used in Windows Vista.

 Microsoft update patches critical flaws affecting Word, Publisher Critical vulnerabilities in Microsoft Jet Database Engine version 4.0 are being actively exploited in the wild.    

Inside MSRC: Microsoft explains Word, Publisher flaws Security patching programs are not much different than racquetball games, says Microsoft's Bill Sisk. It's all about devising a strategy early to maintain control.

According to the advance bulletin, the updates address an issue with Internet Explorer that affect Windows 2000, Windows XP, Windows Vista and Windows Server 2003. The issues may be exploited via DirectX and affect versions 5.01 and higher of Internet Explorer.

Flaws labeled important will be addressed affecting Windows Server 2008. The holes could be exploited by an attacker to elevate their privileges or cause a denial of service condition. Microsoft said the vulnerability addressed by the update does not affect supported editions of Windows Server 2008 if it was installed using the Server Core installation option.

The patches Tuesday will also include an update of Microsoft's Windows Malicious Software Removal Tool. The update will be delivered via Windows Update (WU), Microsoft Update (MU), Windows Server Update Services (WSUS), and the Download Center.

Microsoft's Bill Sisk, the response communication manager for the Microsoft Security Response Center (MSRC), said the advance bulletin is preliminary and could be changed. It is released to help administrators plan for the updates, he said in the MSRC blog.

Last week, Microsoft warned Apple Safari users of new vulnerability. In an advisory, the software maker urged Safari users to change the browser's default download location. The problem is a bug in the default download location in Safari and in the way Windows handles executable files. An attacker could exploit the vulnerability by tricking users into visiting a website to download malicious content to the user's machine.


Join the conversationComment

Share
Comments

    Results

    Contribute to the conversation

    All fields are required. Comments will appear at the bottom of the article.
    Back to top