Exploits Released for Newly Patched Windows Flaws
If you're a Windows user and have been putting off installing the latest round of patches Microsoft issued Tuesday, it's time to stop procrastinating: Programs that demonstrate how attackers might weild several of the flaws addressed by those patches have been posted publicly online, and it's only a matter of time before the bad guys start using them to break into vulnerable computers.
At least four different exploits have been found, two of which exploit a weakness in Windows Media Player, and another pair that target a problem with the Microsoft plug-in that extends some Media Player features to non-Microsoft browsers like Firefox and Opera. Security Fix had a writeup about these patches on Tuesday.
Many people who use Windows Update and Microsoft's automatic update service reported problems installing one of Tuesday's fixes, MS06-007. One of my Windows PCs that is configured to download patches automatically also had this problem, and the patch did not install. If anyone cares, Microsoft has an entry on its blog that explains how that happened. Anyway, they fixed the problem, and when I turned my machine on today it downloaded and installed the patch successfully.
The previously problematic patch applies to Windows XP and Windows Server 2003. If you're using either of these operating systems, you should be able to verify that this patch is installed by going to Add/Remove Programs from the Windows control panel (making sure that the "show updates" box is checked). Scroll down to the bottom of the list of installed programs, and you should see a bunch of "Security Update" entries. This particular patch is identified as "Security update for Windows XP (KB913446)." If you're an XP user and don't see the patch installed, head on over to Microsoft Update.
Posted by: Michael | February 17, 2006 5:16 PM | Report abuse
Posted by: KT | February 17, 2006 7:07 PM | Report abuse
Posted by: Bk | February 18, 2006 11:27 AM | Report abuse
Posted by: John Martel | March 16, 2006 7:58 PM | Report abuse
The comments to this entry are closed.