Critical IE, Exchange Flaws in Microsoft's Patch Tuesday
Microsoft Corp. today released four patch bundles to fix at least eight security vulnerabilities in PCs powered by its Windows operating system and other software. The fixes are available through Microsoft Update or via Automatic Updates.
Half of the flaws fixed in February's patch batch earned Microsoft's most urgent "critical" rating, meaning attackers could wield them to break into vulnerable systems with little or no assistance from users, aside from maybe convincing users to visit a booby-trapped Web site or open a specially-crafted e-mail.
Two of the critical vulnerabilities reside in Microsoft's Internet Explorer 7 Web browser (oddly enough, Microsoft says IE6 is not affected).
The other two critical flaws Redmond fixed are found in Microsoft Exchange, an e-mail server program used by tens of millions of organizations.
Andrew Storms, director of security operations for nCircle, a network security company, said the Exchange vulnerability is especially serious for businesses, because an attacker could seize control over an Exchange server merely by sending a well-crafted e-mail attachment to a company's Exchange server.
"All kinds of highly confidential and proprietary information pass through an Exchange server every day," Storms said. "Gaining control over it and its content would be a gold mine to any cyber criminal."
Microsoft says it is unlikely that criminals will develop code capable of exploiting the flaw reliably, and that it is not aware of any attacks yet against this privately reported vulnerability.
Despite those assurances, Storms said bad guys are likely to latch onto this flaw.
"Don't be surprised if we begin to see early exploit code within a week," he said.
The two remaining updates fix a privately reported vulnerability in SQL Server database software, and three privately reported flaws in Microsoft Office Visio.
February 10, 2009; 6:15 PM ET
Categories: Latest Warnings, New Patches, Safety Tips