Microsoft to repair critical Windows, Internet Explorer flaws

By SearchSecurity.com Staff 05 Jun 2008 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

Microsoft plans to issue three critical updates as part of its monthly batch of patches scheduled to be released on Tuesday.

The software giant said in its Patch Tuesday advance bulletin that the updates will address flaws in Microsoft Windows, Windows Server and Internet Explorer. The vulnerabilities could be exploited by attackers remotely to run malicious code and gain access to a victim's machine.

Microsoft critical updates: Microsoft releases Windows XP SP3 with NAP, security updates: Service Pack 3 for Windows XP includes Network Access Protection (NAP) capabilities used in Windows Vista.  Microsoft update patches critical flaws affecting Word, Publisher Critical vulnerabilities in Microsoft Jet Database Engine version 4.0 are being actively exploited in the wild.     Inside MSRC: Microsoft explains Word, Publisher flaws Security patching programs are not much different than racquetball games, says Microsoft's Bill Sisk. It's all about devising a strategy early to maintain control.

According to the advance bulletin, the updates address an issue with Internet Explorer that affect Windows 2000, Windows XP, Windows Vista and Windows Server 2003. The issues may be exploited via DirectX and affect versions 5.01 and higher of Internet Explorer.

Flaws labeled important will be addressed affecting Windows Server 2008. The holes could be exploited by an attacker to elevate their privileges or cause a denial of service condition. Microsoft said the vulnerability addressed by the update does not affect supported editions of Windows Server 2008 if it was installed using the Server Core installation option.

The patches Tuesday will also include an update of Microsoft's Windows Malicious Software Removal Tool. The update will be delivered via Windows Update (WU), Microsoft Update (MU), Windows Server Update Services (WSUS), and the Download Center.

Microsoft's Bill Sisk, the response communication manager for the Microsoft Security Response Center (MSRC), said the advance bulletin is preliminary and could be changed. It is released to help administrators plan for the updates, he said in the MSRC blog.

Last week, Microsoft warned Apple Safari users of new vulnerability. In an advisory, the software maker urged Safari users to change the browser's default download location. The problem is a bug in the default download location in Safari and in the way Windows handles executable files. An attacker could exploit the vulnerability by tricking users into visiting a website to download malicious content to the user's machine.

Tags: Windows Security: Alerts, Updates and Best Practices,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Windows Security: Alerts, Updates and Best Practices New attack code targets Microsoft DirectShow zero-day vulnerability When BIOS updates become malware attacks Microsoft patches WebDAV security vulnerability in bevy of updates Microsoft plans 10 security updates, fixing IE, Word, Excel vulnerabilities Hackers targeting unpatched Microsoft DirectShow flaw Microsoft warns of IIS zero-day vulnerability Microsoft updates Office to address serious PowerPoint vulnerabilities Microsoft to patch critical PowerPoint zero-day flaw How to perform Microsoft Baseline Security Analyzer (MBSA) scans Microsoft patches serious Excel zero-day, Windows flaws

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary BotHunter  (SearchSecurity.com) principle of least privilege (POLP)  (SearchSecurity.com) security identifier  (SearchSecurity.com) trusted computing  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary