
Critical security patches coming for Windows, Exchange

By Bill Brenner, Senior News Writer
04 May 2006 | SearchSecurity.com

Security Wire Daily News

Microsoft customers will get patches for security holes in Windows and Exchange Tuesday, but they may have to wait longer for fixes that address the latest flaws in Internet Explorer.

In the monthly Patch Tuesday preview on its TechNet site, the software giant said it will release three security updates in all -- one critical fix for Exchange and two for Windows, at least one of which will also be critical.

As it does every month, the company will also update its malicious software removal tool and offer a Webcast Wednesday so customers can ask questions or air concerns.

Microsoft will also release two non-security, high-priority updates via Microsoft Update (MU) and Windows Server Update Services (WSUS). The company didn't say what those updates will address.

"Although we do not anticipate any changes, the number of bulletins, products affected, restart information and severities are subject to change until released," Microsoft said.

The advance bulletin didn't mention any potential Internet Explorer patches. Microsoft released a super-sized fix for the browser last month, but since then at least three new flaws have surfaced.

The first problem is a race condition that appears when security dialogs prompting a user to install and execute an ActiveX control are displayed and processed. Attackers could exploit this to manipulate the dialog box and remotely compromise a vulnerable system by convincing a user to visit a specially crafted Web page. Attackers could then install or execute a malicious ActiveX control on the victim's machine.

The second problem is an origin validation error that appears when "mhtml:" URL redirections are handled. Attackers could exploit this to read content and data served from another domain in the context of a malicious Web page, FrSIRT said, adding that fully functional exploit code has been released.

The third problem is caused by an error in how certain sequences of nested "object" HTML tags are processed. Attackers could exploit it to launch malicious code and corrupt system memory.

Microsoft has confirmed it is investigating the flaws, and said the first two would take significant user interaction to exploit.

Tags: Patch Management
