Network News

X My Profile
View More Activity

Microsoft Plugs Critical Windows Security Hole

Microsoft today issued two software updates to remedy security vulnerabilities in its Windows operating systems, including one that criminal groups have been targeting lately to break into and steal data from vulnerable machines.

One of the patches fixes a critical flaw found in Windows XP and Windows Server 2003 systems that also have Internet Explorer 7 installed. This vulnerability is not present in Windows Vista. For more than a month now, cyber criminals have been blasting out spam e-mails containing malicious links or Adobe PDF documents that try to install spyware programs when users click the links or open the files.

The PDF attacks first surfaced about a month ago, after Adobe issued a patch to prevent PDFs from being used to exploit the Windows flaw. Experts said virus writing groups quickly disassembled that patch to pinpoint the weakness, which is caused by the way certain Windows installations validate things like malformed Web links.

The second problem Microsoft addressed today affects Windows Server 2003 and Windows 2000 Server systems, versions of Windows not typically used by the average home user.

Windows users can download the patches from the Microsoft Update Web site or via Automatic Updates.

By Brian Krebs  |  November 13, 2007; 2:01 PM ET
Categories:  New Patches  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   StumbleUpon   Technorati   Google Buzz   Previous: Apple Patches iPhone Security Hole
Next: Storm Worm Victims Get Stock Spam Pop-Up


There was also a new version of the Malicious Software Removal Tool:

Posted by: PJ | November 13, 2007 2:49 PM | Report abuse

In your post of 11/9/07 you provided a link to Macrovision and indicated that MS is working with the company to push out an update thu its regular monthly patch process.
Did today's patch address that problem or should I install the Macrovision patch?

Posted by: Patton | November 13, 2007 2:59 PM | Report abuse

@Patton -- No, I am not aware of a patch from Microsoft for the Macrovision thing.

Posted by: Bk | November 13, 2007 3:47 PM | Report abuse

Regarding Macrovision, from the Microsoft Security Response Center Blog

"we wanted to make sure you knew that we are working with Macrovision to test the Macrovision update for deployment using Microsoft's security update process. Once the update has gone through the Microsoft security update testing process, completed deployment testing and is ready for release, Microsoft will release it to customers as part of the Microsoft security update process."

Posted by: TJ | November 15, 2007 4:01 PM | Report abuse

The comments to this entry are closed.

RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company