Network News

X My Profile
View More Activity

Microsoft Patches Four Windows Security Holes

Microsoft today released a pair of security updates to plug at least four security holes in its Windows operating systems and other software. The software patches are available through Windows Update or via Automatic Updates.

One of the patches earned Microsoft's most dire "critical" rating, while the other carries the less severe "important" label. Microsoft assigns a critical rating to vulnerabilities that hackers can exploit to break into vulnerable systems without any help from the victim. Important updates address flaws that usually require the victim to help the exploit along in some key way.

The critical update involves at least three flaws in a key component of Windows called Microsoft XML Core Services. This vulnerability is present in every supported version of Windows, as well as certain versions of Office. The second patch addresses an important flaw in the Microsoft Server Message Block (SMB), a component of Windows used to provide shared access to files, printers, and other communications over a network.

Microsoft says two out of four of the vulnerabilities fixed by these updates were publicly disclosed prior to today, so criminals may already have a head start in figuring out how to exploit them.

As always, please leave a note in the comments section below if you experience any problems after installing these updates.

As it does every Patch Tuesday, Microsoft also updated its "malicious software removal tool," which runs in the background looking for some of the most common strains of malware found on Windows PCs. This month's update includes Win32/Gimmiv, the malware first spotted last month that took advantage of a security hole for which Microsoft recently issued an emergency patch.

By Brian Krebs  |  November 11, 2008; 2:34 PM ET
Categories:  Latest Warnings , New Patches  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   Del.icio.us   StumbleUpon   Technorati   Google Buzz   Previous: VISA to Enforce Payment Card Security in Europe
Next: Pharmacy Processor Offers $1M Reward to ID Extortionists

No comments have been posted to this entry.

The comments to this entry are closed.

 
 
RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company