
Two Microsoft Windows Patches Coming

Microsoft said today it plans to release two security updates for Windows computers next week, at least one of which will carry its "critical" label, which Redmond assigns to flaws that hackers and viruses could use to gain total ownership over vulnerable PCs.

Security Fix doesn't have any further insight as to exactly what those patches will correct, but I'm willing to bet that one of them will fix a very serious, known problem in Microsoft's Internet Explorer Web browser that several nasty Web sites are starting to exploit to plant software and spyware on visitors' machines.

I was discussing this particular flaw today with Alex Eckelberry, president of anti-spyware maker Sunbelt Software. He and Sunbelt's lead developer, Eric Sites, were showing me some cool new stuff they're adding to the next version of CounterSpy and tweaks they're doing to Kerio, personal firewall software they recently acquired. Both said they've already spotted half a dozen porn Web sites using the exploit code that was rather irresponsibly published last week by the UK-based hacker who discovered the IE flaw. The sites using the exploit appeared to have simply cut and pasted the code into their Web pages, Eckelberry and Sites said. 

It is likely more sites out there will start using the exploit soon. I sincerely hope Microsoft fixes this problem next week.

As a side note, I'd like to point out that tomorrow I will be hosting the first in a regular series of bi-weekly Live Online chats about all things computer- and Internet-security related. Drop on by for the live discussion, which starts at 11 a.m. ET on Friday, or -- better yet -- drop a question in the queue now.

By Brian Krebs  |  December 8, 2005; 4:10 PM ET
Categories:  New Patches  


It's good news that the GAO has identified websites with bogus data. Since the GAO is a government institution we should be able to get a copy of the bogus website list and filter those out for browsing.

It would be a great service for a public institution, Google, or a grass roots group to make such lists available.

Posted by: Stephen T. | December 10, 2005 8:12 AM | Report abuse

Not that posting a critical security update is good enough. We still see byte verify exploits used effectively by spyware. The patch for that critical vulnerability has been available for over a year.

Posted by: Stiennon | December 12, 2005 11:17 AM | Report abuse


© 2010 The Washington Post Company