Friday, 15 December 2006
Patch Tuesday Lugs Critical Updates
Microsoft has released seven patches for 11 vulnerabilities. The Redmond, Washington-based company has also revealed two zero-day flaws in Windows Media Player. The updates are said to fix the WMI Object Broker ActiveX control in Visual Studio 2005, a Microsoft development platform. While releasing all these security updates, Microsoft seems to have overlooked two critical Word vulnerabilities.
"I would anticipate an out-of-band patch given the severity of these vulnerabilities and the tremendous use of Word in the business community," said Amol Sarwate, manager of the vulnerability labs at Qualys. "Understandably, Microsoft didn't have time to incorporate (these vulnerabilities) into their patch cycle. This highlights the trend of zero-day exploits where hackers are releasing exploits just before the Patch Tuesday cycle so Microsoft doesn't have enough time to address them."
The updates released by the company focus on the ASX file format, which is processed by Windows Media Player. According to the Microsoft Security Response Center blog, attackers can craft malformed ASX files to cause a buffer overflow, resulting in remote code execution.
Michael Sutton, security evangelist at SPI Dynamics, said, "Overall this year, we've had a tremendous amount of Office vulnerabilities." He continued, "You take a known, good file, like a Microsoft Word file, and start mangling pieces of it. There's a real shift in focus from server-side to client-side (vulnerabilities). It's the client-side vulnerabilities that really lend themselves to phishing and identity theft."
Microsoft says that it is still working on a patch for a flaw in multiple versions of its Word word processor.
The company said it was looking into small-scale reports that hackers had used the vulnerability to take control of computers by sending a rigged e-mail attachment.
Alex Shipp, a researcher for antivirus vendor MessageLabs, said it appeared that the vulnerability was being used by just one criminal outfit in "highly targeted attacks." So far, Shipp said, the overall impact of the flaw is low.