Patch Tuesday rolls around: five critical updates
by Stephen Withers   
Wednesday, 09 September 2009
The latest security fixes from Microsoft all concern Windows, including the current flagships Vista and Server 2008. Some of the vulnerabilities allow 'drive-by' attacks and Microsoft is recommending prompt action.

As foreshadowed, Microsoft has released five security bulletins this month, all rated critical. All of the bulletins relate to Windows itself, and all allow remote code execution.

A JScript vulnerability affects Windows 2000, XP, Server 2003, Vista, and Server 2008 (including Server Core installations). An update for Windows 7 Release Candidate was also released, although Windows 7 RTM is not affected by any of this month's issues. Microsoft warns that it is likely that consistent exploit code will appear for the JScript issue.

An issue concerning the Wireless LAN AutoConfig service in Vista and Server 2008 (excluding Server Core installation) is difficult to exploit reliably, according to Microsoft officials. Nevertheless, it is rated critical on Vista and important on Server 2008.

A pair of vulnerabilities in Windows Media Format can be exploited through maliciously crafted media files. Consistent exploit code is expected for both issues, which are rated critical on all currently supported versions of Windows (including Server 2008 Server Core installations, but excluding Server 2008 for Itanium).

Multiple vulnerabilities in Windows' TCP/IP implementation are fixed this month. While remote code execution is possible, the flaws are difficult to exploit reliably and attacks are more likely to result in denial of service.

The affected versions are Windows 2000, Server 2003, Vista, and Server 2008. The severity is reduced to important on Windows 2000 and Server 2003.

The fifth bulletin concerns a vulnerability in the DHTML Editing Component ActiveX control, which can be exploited via a malicious web page. Inconsistent exploits are likely, according to Microsoft officials, and the issue is rated critical on Windows 2000 and XP, and moderate on Server 2003. Vista and Server 2008 are not affected.

Jerry Bryant of the Microsoft Security Response Center said "we are not addressing the IIS/FTP vulnerability announced in Security Advisory 975191 with this month’s security bulletin release. Our teams are still working on an update for this issue and we encourage customers to review the advisory for the most current guidance on this issue."

The recent bulletin covering vulnerabilities in the Active Template Library was re-released to provide additional protection for XP Media Center 2005 and Vista.

Microsoft also released the usual updates to the Malicious Software Removal Tool and the Windows Mail Junk E-Mail Filter.
