Third busy patch month for Microsoft.As part of its monthly security update cycle, Microsoft have released a dozen security bulletins. Nine & them are tagged critical, the company's highest severity rating. The alerts give details of 20 flaws in The infamous MSBlast worm, which wreaked havoc in 2003, exploited a similar flaw, related to a Windows component called remote procedure call. The patching rush started in June, when it released 12 bulletins. It came after a patch lull, with only three alerts in May, five in April and two in March. Another of this month's flaws that could be exploited without any user interaction lies in the Windows Domain Name System (DNS (Domain Name System) A system for converting host names and domain names into IP addresses on the Internet or on local networks that use the TCP/IP protocol. For example, when a Web site address is given to the DNS either by typing a URL in a browser or behind the ) client, which is used to help translate URLs into numerical IP addresses. However, an attacker has to be on the same subnetwork See subnet. as the intended target or must trick the user into making a DNS request to a malicious server. The bulk of the problems addressed by the August patches could be used for attacks via the Web or e-mail. They include security holes in the Internet Explorer Microsoft's Web browser, which comes with Windows starting with Windows 98. Commonly called "IE," versions for Mac and Unix are also available. Internet Explorer is the most widely used Web browser on the market. It has also been the browser engine in AOL's Internet access software. Web browser The program that serves as your front end to the Web on the Internet. In order to view a site, you type its address (URL) into the browser's Location field; for example, www.computerlanguage.com, and the home page of that site is downloaded to you. , the Outlook Express e-mail client Same as e-mail program. and other Windows and Office components. Microsoft has not addressed all known flaws in its products. For example, a variant of a bug patched last month in a Windows component called "mailslot" is still without a fix. Proof-of-concept code that was posted to the Net last month. Microsoft recommends that people install the critical fixes immediately. The updates are available via the Windows Update An updating service on Microsoft's Web site that enables users to obtain bug fixes and new features for their version of Windows. Windows Update components analyze your PC's configuration and display a list of appropriate downloads for your individual system. and Automatic Updates tools. Temporary workarounds. www.microsoft.com |
|
||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion