Patch Tuesday heads-up: Critical flaws in Windows, Internet Explorer - Techist - Tech Forum

Posted by Megatron, 02-04-2011, 09:05 AM

As part of this month’s Patch Tuesday schedule, Microsoft plans to ship a dozen bulletins with fixes for 22 vulnerabilities, some serious enough to allow hackers complete access to a vulnerable Windows machine.

According to Microsoft’s advance notice, three of the 12 bulletins will be rated “critical,” the company’s highest severity rating.

This month’s patch batch will apply to the Microsoft Windows operating system, the Internet Explorer browser, the Microsoft Office productivity suite, Visual Studio, and IIS.

Here are some additional details, via the MSRC blog:

As part of this month’s update, we’ll be addressing issues related to two recent Security Advisories, 2490606 (a public vulnerability affecting the Windows Graphics Rendering Engine) and 2488013 (a public vulnerability affecting Internet Explorer). Additionally, we will be addressing an issue affecting FTP service in IIS 7.0 and 7.5.

However, it is important to note that the recently disclosed cross-site scripting vulnerability in MHTML will not be fixed this month.

Last week, Microsoft shipped an advisory to warn of the availability of exploit code for a serious vulnerability in all supported editions of Microsoft Windows.

The vulnerability could allow an attacker to cause a victim to run malicious scripts when visiting various Web sites, resulting in information disclosure. This impact is similar to server-side cross-site scripting (XSS) vulnerabilities. Microsoft is aware of published information and proof-of-concept code that attempts to exploit this vulnerability. At this time, Microsoft has not seen any indications of active exploitation of the vulnerability.

The vulnerability exists due to the way MHTML interprets MIME-formatted requests for content blocks within a document. It is possible under certain conditions for this vulnerability to allow an attacker to inject a client-side script in the response of a Web request run in the context of the victim’s Internet Explorer. The script could spoof content, disclose information, or take any action that the user could take on the affected Web site on behalf of the targeted user.

In the absence of a patch for that issue, Microsoft recommends the following:

* Enable the MHTML protocol lockdown.
* Set Internet and Local intranet security zone settings to “High” to block ActiveX Controls and Active Scripting in these zones.
* Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone.

The security advisory contains instructions for applying these temporary workarounds.
