Posted by: Samker
« on: 04. February 2011., 08:14:17 »



Microsoft plans to release 12 security patches at next week's "Patch Tuesday" event – three of them rated "critical," the company said Thursday. Those critical patches contain a total of six critical bug fixes, mostly for security vulnerabilities in Windows and Internet Explorer (IE).

The disclosure came as part of the advance patch notification process wherein Microsoft (NASDAQ: MSFT) warns security professionals how much work to expect by sending them a notice on the Thursday prior to the monthly patch drop.

Altogether, the 12 patches – each of which can contain multiple bug fixes – contain a total of 22 fixes, according to a post on the Microsoft Security Response Center (MSRC) blog: http://blogs.technet.com/b/msrc/archive/2011/02/03/advance-notification-service-for-the-february-2011-security-bulletin-release.aspx

The rest of the fixes and patches are rated "important," the second most-severe rating after critical on Microsoft's four-tiered ranking scale. So while there are fewer critical patches than on some other months, there will still be plenty of work for security professionals.

Among the security vulnerabilities being patched on Tuesday is a fix for a critical graphics rendering flaw in Windows – a zero-day vulnerability that Microsoft warned customers was loose on the Web in early January.

That bug lets hackers plant a booby-trapped thumbnail image on a malicious website or contained in a Word or PowerPoint file sent as an attachment to an e-mail. Opening the image can result in complete compromise of users' PCs.

Another of the patches fixes a hole in Internet Explorer that was discovered around Christmas, when there were "limited" attacks on the Web. The patch fixes a flaw in the way that cascading style sheets (CSS) are handled in IE, according to a security advisory the company issued in late December: http://www.microsoft.com/technet/security/advisory/2488013.mspx

What won't be fixed on Tuesday, however, is a hole that surfaced last week in what's called the Windows MHTML protocol handler, a component of all versions of Windows.

The technology is used to handle different media types in e-mail. However, many security researchers say that the typical outcome of a successful attack would only be "information disclosure" rather than complete takeover of the user's PC.

"The recent MHTML issue in Windows/Internet Explorer will not be addressed in this update. The workaround suggested by Microsoft in Advisory 2501696: http://www.microsoft.com/technet/security/advisory/2501696.mspx continues to be the recommended way of mitigating this attack vector," Wolfgang Kandek, CTO at security firm Qualys, said in a blog post: http://laws.qualys.com/2011/02/patch-tuesday---preview-for-fe.html

(eS)