Muyuka Sons And Daughters of America

Unity – Solidarity – Progress

Posts Tagged ‘Security’

Windows

Posted by musada on August 16, 2009

The following was forwarded to us by Tom Batta

Microsoft Fixes 19 Windows Security Flaws

Microsoft today issued a raft of software updates to plug at least 19 security holes in its various Windows operating systems and other software, 15 of which earned the company’s most dire “critical” rating.

This month’s batch of patches fix some fairly dangerous flaws.. Redmond labels a security flaw “critical” if attackers could use it to seize control over a vulnerable system without any help from the victim. What’s more, a dozen of the flaws earned the highest rating on Microsoft’s “exploitability index,” which is the software maker’s best estimation of the likelihood that criminals will soon develop reliable ways to exploit them to break into Windows-based machines.

Patches are available for Windows 2000, XP, Vista, Windows Server 2003 and Windows Server 2008. Microsoft said none of the vulnerabilities affect Windows 7, its newest operating system. Windows users can download the updates from Windows Update or via Automatic Updates

Many of the flaws fixed this month stem from faulty ActiveX controls, tiny programs built to work with Internet Explorer that have full access to the Windows operating system. As a result, flaws in ActiveX controls can give hackers extremely powerful tools with which to take over vulnerable systems. In my opinion, ActiveX flaws are among the prime reasons to browse the Web with an alternative browser, such as Firefox or Opera. Indeed, according to Microsoft, all of these ActiveX vulnerabilities can be exploited merely by convincing an Internet Explorer user to visit a hacked or malicious Web site.

At least five of the vulnerabilities are ActiveX flaws associated with a software development “template” or code library that Microsoft makes available to other software makers and uses throughout Windows. Last month, Microsoft issued an emergency update to fix this flawed template, known as an “active template library” or ATL, and the company says attackers are currently exploiting at least one of those ATL flaws.

Today’s release also fixes four ActiveX flaws that shipped with most supported versions of Microsoft Office, including Office 2000 Web Components, Office XP, and Office 2003. Microsoft warns that at least one of these Office flaws is actively being exploited online.

Another notable update shipped this month fixes a pair of critical flaws in the way Windows processes .AVI files, meaning attackers could use this vulnerability to hijack Windows computers just by getting someone to open a booby-trapped video file.

As usual, please drop a line in the comments if you experience any problems installing these patches, or stability or usability issues after installing them. A breakdown of the vulnerabilities fixed in this month’s patch release is available here.

By Brian Krebs  |  August 11, 2009; 3:01 PM ET
 

Advertisements

Posted in Uncategorized | Tagged: , , , , | 1 Comment »