Stephen Withers
Wednesday, 12 August 2009 05:59
Vulnerabilities in WINS (Windows Internet Name Service) mean that maliciously crafted packets can cause remote code execution.
Such an issue would not previously have been classed as critical, as WINS is not installed by default. However, Microsoft no longer reduces the security rating of an issue involving a critical component on enterprise networks just because that component is off by default.
"It looks like the WINS vulnerability is by far the most dangerous from a real 'remote code execution' viewpoint," said Tyler Reguly, senior security engineer at nCircle.
"There are probably quite a few organizations running WINS servers, and many of them may not need to these days. It may be a good time to take stock of what exists on the network and disable unnecessary WINS Servers."
A pair of vulnerabilities in Windows Media file processing allow maliciously crafted AVI files to cause remote code execution. This issue is regarded as critical across all supported versions of Windows, with the exception of Server 2008 Server Core installations.
The final critical update for the month is the only one that also affects one of Microsoft's products for Mac OS X.
Two vulnerabilities in Remote Desktop Connection can allow remote code execution if a user can be tricked into connecting to a malicious server. The fix involves improvements to the handling of RDC parameters.
The month's important bulletins are described on page 3.