From the "****, I just got finished running Windows Update" dept... -Ed
Microsoft alerted PC users to three critical security flaws in Internet Explorer and Windows on Wednesday, as the MSBlast worm and its variants used a previous vulnerability in Windows to spread across the Net for a second week.
The software giant released a cumulative patch for Internet Explorer that fixes several vulnerabilities previously disclosed by the company, and it re-released an advisory for Microsoft's SQL Server software, warning that a flaw in that program actually affects most Windows users.
Users who don't patch their systems could leave the computers open to attack through a fake Web page or an HTML e-mail that contains the specific exploit code, said Stephen Toulouse, security program manager for Microsoft's security response center.
The Internet Explorer bulletin is rated as 'critical' across all platforms except Windows 2003," Toulouse said. A critical rating is the highest grade that Microsoft assigns to its alerts. The flaws were rated 'moderate'--the second-lowest grade--for Windows 2003, the latest version of the operating system.
On Wednesday, security-software maker Symantec said that MSBlast, a worm that takes advantage of a month-old vulnerability in Microsoft's OS, had infected almost 700,000 computers. A variant of the worm, MSBlast.D or Nachi, had infected more than 525,000 computers since it began to spread on Monday.
Although critical, the latest vulnerabilities are far less likely to become fodder for a worm writer because a victim would have to go to an attacker-owned Web page to be attacked.
The Internet Explorer vulnerabilities involve the fact that the software doesn't check the type of an object returned from a Web server and because a flaw exists in the browser's cross-domain security model, Microsoft stated in its advisory.
Source:
http://msnbc-cnet.com.com/2100-1002_3-5066511.html?part=msnbc-cnet&tag=alert&form=feed&subj=cnetnews
Microsoft alerted PC users to three critical security flaws in Internet Explorer and Windows on Wednesday, as the MSBlast worm and its variants used a previous vulnerability in Windows to spread across the Net for a second week.
The software giant released a cumulative patch for Internet Explorer that fixes several vulnerabilities previously disclosed by the company, and it re-released an advisory for Microsoft's SQL Server software, warning that a flaw in that program actually affects most Windows users.
Users who don't patch their systems could leave the computers open to attack through a fake Web page or an HTML e-mail that contains the specific exploit code, said Stephen Toulouse, security program manager for Microsoft's security response center.
The Internet Explorer bulletin is rated as 'critical' across all platforms except Windows 2003," Toulouse said. A critical rating is the highest grade that Microsoft assigns to its alerts. The flaws were rated 'moderate'--the second-lowest grade--for Windows 2003, the latest version of the operating system.
On Wednesday, security-software maker Symantec said that MSBlast, a worm that takes advantage of a month-old vulnerability in Microsoft's OS, had infected almost 700,000 computers. A variant of the worm, MSBlast.D or Nachi, had infected more than 525,000 computers since it began to spread on Monday.
Although critical, the latest vulnerabilities are far less likely to become fodder for a worm writer because a victim would have to go to an attacker-owned Web page to be attacked.
The Internet Explorer vulnerabilities involve the fact that the software doesn't check the type of an object returned from a Web server and because a flaw exists in the browser's cross-domain security model, Microsoft stated in its advisory.
Source:
http://msnbc-cnet.com.com/2100-1002_3-5066511.html?part=msnbc-cnet&tag=alert&form=feed&subj=cnetnews