Microsoft Patches Four Windows Security Holes
Microsoft today released a pair of security updates to plug at least four security holes in its Windows operating systems and other software. The software patches are available through Windows Update or via Automatic Updates.
One of the patches earned Microsoft's most dire "critical" rating, while the other carries the less severe "important" label. Microsoft assigns a critical rating to vulnerabilities that hackers can exploit to break into vulnerable systems without any help from the victim. Important updates address flaws that usually require the victim to help the exploit along in some key way.
The critical update involves at least three flaws in a key component of Windows called Microsoft XML Core Services. This vulnerability is present in every supported version of Windows, as well as certain versions of Office. The second patch addresses an important flaw in the Microsoft Server Message Block (SMB), a component of Windows used to provide shared access to files, printers, and other communications over a network.
Microsoft says two out of four of the vulnerabilities fixed by these updates were publicly disclosed prior to today, so criminals may already have a head start in figuring out how to exploit them.
As always, please leave a note in the comments section below if you experience any problems after installing these updates.
As it does every Patch Tuesday, Microsoft also updated its "malicious software removal tool," which runs in the background looking for some of the most common strains of malware found on Windows PCs. This month's update includes Win32/Gimmiv, the malware first spotted last month that took advantage of a security hole for which Microsoft recently issued an emergency patch.
November 11, 2008; 2:34 PM ET
Categories: Latest Warnings , New Patches
Save & Share: Previous: VISA to Enforce Payment Card Security in Europe
Next: Pharmacy Processor Offers $1M Reward to ID Extortionists
The comments to this entry are closed.