Microsoft warns of impending patches

Get the wagons in a circle
Fri Mar 05 2010, 12:22

CONTINUAL SOFTWARE PATCHER Microsoft has warned that it will be releasing two patch bulletins this month affecting Windows and Office software.

Both are rated Important and together they address eight holes in the outfit's software. Both patches will fix problems that can only be exploited if the user is tricked into opening a file packed with malware. At the moment no one has actually tried to do it.

Generally Microsoft seems to be telling us that this is a lightweight patch Tuesday and there is nothing to see here, move along please.

But the Vole failed to mention whether it has a fix for the VBScript security issue exposed earlier this week. That bug allows hackers to hijack a user's computer running Windows XP by getting them to press F1 on a dodgy website.

Senior security communications manager Jerry Bryant said that Microsoft would continue to monitor the situation. Bryant pointed out that there were no known attacks using this attack vector but he encouraged customers to review the advisory and apply the suggested workarounds where possible.

"Customers that are running Windows 7, Windows Server 2008, Windows Server 2008 R2, and Windows Vista are not affected," he added. µ

Comments
Use Firefox/Opera/other instead of IE

Would be very helpful to point out that the F1 thing only works in the IE browser heh, that's a rather critical bit of information there.

And Outlook, but there you are already more secure as stated by MS:
"By default, all supported versions of Microsoft Outlook, Microsoft Outlook Express, and Windows Mail open HTML e-mail messages in the Restricted sites zone, removing the risk of an attacker being able to use this vulnerability to execute malicious code. The Restricted sites zone helps mitigate attacks that could try to exploit this vulnerability by preventing Active Scripting and ActiveX controls from being used when reading HTML e-mail messages. However, if a user clicks a link in an e-mail message, the user could still be vulnerable to exploitation of this vulnerability through the Web-based attack scenario. Additionally, Outlook 2007 uses a different component to render HTML e-mail, removing the risk of this exploit."

posted by : W.-, 06 March 2010