Microsoft Points Out 'High-Priority' Patches
MrX:
March 7, 2005
nEwZ BrOuGhT tO yOu By Mr X !
From http://www.eweek.com/article2/0,1759,1761896,00.asp
--- Quote ---
Microsoft on Tuesday released 12 advisories to cover 17 security flaws in a range of products, including high-priority patches for Internet Explorer, Windows Media Player, Windows Messenger and MSN Messenger.
The February batch of patches includes eight "critical" fixes, and Microsoft officials say IT administrators should prioritize and deploy patches for four potentially dangerous code-execution holes.
Stephen Toulouse, program manager at the Microsoft Security Response Center, told eWEEK.com that the company has identified the four "high-priority" patches because of the availability of public exploits that target those holes.
The four are MS05-009, which affects PNG processing in the media player and instant messaging software; MS05-010 for a flaw in the Windows license logging service; MS05-011 for a bug in the Windows Server Message Block; and MS05-014, which is a cumulative fix for the IE browser.
"If you're applying these patches manually, you should prioritize these four," Toulouse said, warning that a successful attack could cause major damage within a network.
He said the Internet Explorer fix, which has been under development since last October, addresses the previously reported high-risk vulnerabilities that could allow system hijack, cross-site/zone scripting and security bypass.
The IE update affects users of Windows 98, Windows ME, Windows 2000 Service Pack 3 and Service Pack 4, Windows XP Service Pack 1 and Service Pack 2, and Windows Server 2003.
According to Microsoft, the IE fix corrects a drag-and-drop flaw that puts users at risk of PC hijack; a URL decoding zone spoofing vulnerability; a DHTML Method heap memory corruption bug; and a cross-domain vulnerability in CDF (Channel Definition Format).
Toulouse also urged Windows users to prioritize and apply patches for the PNG processing flaw that affects Windows Media Player 9 Series, Windows Messenger 5.0, and Microsoft Messenger 6.2 and 6.2.
"An attacker could try to exploit the vulnerability by constructing a malicious PNG that could potentially allow remote code execution if a user visited a malicious Web site or clicked a link in a malicious e-mail message. An attacker who successfully exploited this vulnerability could take complete control of an affected system," Microsoft warned in the advisory.
--- End quote ---
go see this http://www.eweek.com/article2/0,1759,1764112,00.asp
http://computerworld.co.nz/news.nsf/0/A60A75557BA586FCCC256FA400106150?OpenDocument&pub=Computerworld
http://www.theage.com.au/news/Breaking/Exploits-released-for-MSN-flaw/2005/02/11/1108061857472.html?oneclick=true
--- Quote ---
The author of one sample of exploit code said it had been tested on MSN Messenger 6.2.0137 and could be exploited on Windows 2000 and Windows XP, no matter what service pack had been applied.
--- End quote ---
now we know how to get microshaft to release fixes really fast. publish the vulnerabilities and a newbie how-to guide on a popular internet site!!!
Mr X
Aloone_Jonez:
Same old story - a patch to patch a patch to a patch to patch a...
program manager :D isn't that the Windows 3.x shell?
Calum:
how come they always release tons of fixes at once? this always makes me think the vulnerabilities have mostly been known for a long time, but they just couldn't be arsed to fix them.
E-61993:
I agree with you. They always have 4+ updates at a time. Unfortunately I am forced to use Windows. I do have Linux on my computer too. Whenever I get an update it is a bunch of them at once. Why do they even bother to come out with updates to IE? IE is just one giant hole and they are slowly patching it. Once their sales are down to one copy of Windows a day they will be forced to admit that Windows sucks and they always knew it. I have compared Linux to Windows and Win XP looks somewhat like Linux. MICROSOFT SUCKS!!!!!! :fu::fu::fu::fu:
Calum:
who forces you to use it incidentally?