Better Get To Patching
10 new updates for Windows PCs released by Microsoft
Wednesday, June 15, 2005
BY : Brian Ashe
After a relatively quiet May, Microsoft has released 10 new patches to address vulnerabilities in there software products. Three of these have been deemed "critical". The critical label means that these are easy to exploit remotely and that there may already be active attempts to use these in the wild or that they will be coming soon.
The three critical updates all allow for an attacker to take full control of the victim's computer. One is a cumulative update for Internet Explorer (MS05-025) that includes a fix for rendering PNG images. Also there is the Vulnerability in HTML Help (MS05-026), the caveat being that you must have administrative privileges to be taken over, however, this is a common situation for Windows users. Finally there is a hole in the Server Message Block (SMB) protocol (MS05-027) used for file and print sharing on Windows networks. Some specially crafted packets could lead to penetration.
The rest of the updates have slightly less impact as they are less used or only on servers. They include remote code execution holes in Windows Web Client Service, Outlook Web Access for Microsoft Exchange, Outlook Express NNTP news reader functions and Microsoft Windows Interactive Training (which is not installed by default) all of which were deemed "Important" by Microsoft. Finally, there are the "moderate" threats that include a vulnerability in Microsoft Agent that could allow spoofing of legitimate content, an information disclosure vulnerability in the Windows Telnet Client and an elevation of privilege problem in Microsoft ISA Server 2000 that could allow an attacker to walk around the packet filtering.
The severity of some of these flaws makes it extremely important to get this issues fixed on your computer(s). You can always use the "Windows Update" button in your Start panel or visit the Microsoft Windows Update Site here.
|
