Microsoft five critical updates won't include IIS

By SearchSecurity.com Staff 04 Sep 2009 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

SearchSecurity.com: To get security news and tips delivered to your inbox, click here to sign up for our free newsletter.

Microsoft said it plans to release five critical patches next week, repairing flaws in Microsoft Windows that could be remotely attacked by hackers.

In its advance notification issued Thursday, the software giant said two of the updates require mandatory restarts. The patches affect Windows 2000, XP and Vista, as well as all three of Microsoft's server platforms 2000, 2003 and 2008.

Microsoft said it won't have a patch ready for a vulnerability affecting the FTP Service in Microsoft Internet Information Services 5.0. A security advisory was issued earlier this week warning users about the flaw.

Exploit code was published, but so far there have been no reported ongoing attacks in the wild, Microsoft said. The exploit code began circulating on the Milw0rm site on Monday.

While a patch is being tested, Microsoft issued recommendations alerting customers to a workaround. Companies can modify the NTFS file system permissions to bar FTP users from creating directories.

Tags: Windows Security: Alerts, Updates and Best Practices,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Windows Security: Alerts, Updates and Best Practices Windows 7 DOS flaw allows hackers to freeze Microsoft's newest OS Microsoft patches serious Windows kernel flaws Microsoft to address flaws in Windows, Office for Mac Microsoft fixes security update that breaks Internet Explorer What is the best database patch management process? Microsoft addresses critical SMBv2 flaw, fixes record number of flaws Microsoft to address SMB zero-day, IIS FTP Service vulnerabilities Microsoft releases temporary fix for SMB2 zero-day vulnerability Microsoft issues SMB vulnerability advisory, patch pending Attackers target Microsoft IIS; new SMB flaw discovered

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary BotHunter  (SearchSecurity.com) principle of least privilege (POLP)  (SearchSecurity.com) security identifier  (SearchSecurity.com) trusted computing  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary