Microsoft issues critical Windows patches

Microsoft on Tuesday issued five critical Windows-related updates as part of its monthly Patch Tuesday release.

The five bulletins address eight vulnerabilities. According to Symantec Security Response research manager Ben Greenbaum, the two vulnerabilities most likely to be used by attackers involve the way Windows handles ASF and MP3 media files. “We’ve seen similar exploits in the past and all a user would have to do is visit a compromised Web site hosting one of these malicious files, which could be an MP3, WMA or WMV file, and they could become infected.”

In addition, Microsoft said it is re-releasing a bulletin from last month to address an additional control found to be vulnerable to an issue with the Microsoft Active Template Library.

Greenbaum noted that Microsoft has yet to issue a patch for a zero-day flaw in Internet Information Services that was made public last week. “Until a patch for this is issued, as a temporary workaround we suggest IT administrators using IIS 5.0 and 6.0 turn off anonymous write access immediately,” Greenbaum said. “We also recommend using a firewall and restricting access to creating directories. Those using IIS 7.0 with FTP Service version 6.0 installed should upgrade to FTP Service version 7.5.”

There are already some attacks being seen based on that flaw.

“While the company will not release an update this month, it will do so once it has reached an appropriate level of quality for broad distribution,” Microsoft said.

Meanwhile, Microsoft said Tuesday that it is investigating another zero-day issue, this one a reported flaw in Windows Vista and Windows 7.

As for the patches Microsoft did release on Tuesday, Qualys CTO Wolfgang Kandek noted that some of the bulletins are interesting in that they either affect only newer operating systems or are more critical on later versions–the reverse of what is normally the case. Overall, he said, five Windows patches should keep IT workers busy.

“Due to the criticality of the patches and wide coverage of the operating system, this will be a busy day for IT administrators,” Qualys CTO Wolfgang Kandek said in an e-mail.

Source :

Comments are closed.

Olivia’s Tweets
Skysa App Bar