HomeSecurity

Microsoft Crafts Critical Patches

Jim Wagner
By Jim Wagner

Microsoft released two security bulletins on Patch Tuesday and it revised a patch originally released in October.

Developers issued a cumulative security update to vulnerabilities discovered in Internet Explorer.

COM object instantiation memory corruption and mismatched DOM objects memory corruption vulnerabilities were deemed critical in all versions of IE except IE 6 for Windows Server 2003.

Left unpatched, the vulnerabilities could allow an attacker to take complete control of the user’s PC, though the user would first have to visit a Web site or open an e-mail message containing the exploit.

The moderate IE flaws deal with a manipulation vulnerability in the file download dialog box and a vulnerability in the HTTPS proxy.

The second security bulletin, MS05-055, is a fix to the Windows kernel that, left unchecked, would give the attacker elevation of privilege permissions on the computer, such as administrator rights.

Because the attacker would have to log on to a machine with a valid login and run a program locally, the security bulletin was rated “important,” rather than “critical.”

The vulnerability is a flaw in the asynchronous procedure call (APC) function in Windows 2000 Service Pack 4, reported by security firm eEye Digital Security in May. Security experts said that while in and of itself the vulnerability is important, its use in a blended attack — such as an e-mail worm or virus — makes it critical because it would give the attacker a remote means to take over the machine.

“This vulnerability is unusual in that it represents a growing trend of blended threats attackers are using to subvert systems remotely,” Marc Maiffret, eEye co-founder and chief hacking officer, said in a statement. “These types of threats highlight the need for enterprises to focus on host-based solutions that enable them to make their networks zero-day immune.”

A revised patch for MS05-50, originally released in October to plug a DirectShow vulnerability, was released today as well for customers using Windows 2000 Service Pack 4, Windows XP SP 1 and Windows 2003.

Jim Wagner
Jim Wagner
Previous article
Cyber Security Group Flunks Washington
Next article
HP Investors Look For Growth

Similar Posts

Get the Free Newsletter!

Subscribe to our newsletter.

Subscribe to Daily Tech Insider for top news, trends & analysis

News Around the Web

InternetNews is a source of industry news and intelligence for IT professionals from all branches of the technology world. InternetNews focuses on helping professionals grow their knowledge base and authority in their field with the top news and trends in Software, IT Management, Networking & Communications, and Small Business.

Advertisers

Advertise with TechnologyAdvice on InternetNews and our other IT-focused platforms.

Advertise with Us

Menu

Our Brands

Property of TechnologyAdvice.
© 2024 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.