
Microsoft patches three Windows vulnerabilities

Posted on 11 January 2011.

Today Microsoft released two security bulletins, one rated Critical and one rated Important, to address a total of three vulnerabilities in Microsoft Windows and Windows Server.

Microsoft also released a revision to Advisory 2488013 to include another protective mitigation for customers to use if needed.


Qualys CTO Wolfgang Kandek comments:

MS11-002 is the more important one of the two bulletins. It is a critically rated vulnerability in the MDAC OS component, affects all versions of the Windows Operating system and can be triggered by browsing to a malicious website.

MS11-001 provides a patch for a DLL-preloading issue in the Windows Backup Tool. It is rated important and only applies to Windows Vista. While DLL preloading is an old systemic issue in Windows and many other operating systems, it gained new attention in August of last year, when many vulnerable applications were identified.

Secunia maintains a list of Microsoft and 3rd party applications that have been shown vulnerable to the DLL preloading attacks. The list has over 200 vulnerable programs and includes the Vista Backup vulnerability that is being fixed today (SA41122).

Given the scope of the DLL preloading vulnerabilities we highly recommend implementing the work-around that Microsoft describes in Security Advisory 2269637 and KB2264107, which neutralizes the most common attack vectors on the operating system level.

Microsoft has not seen active attacks seeking to exploit any of the vulnerabilities, but users should test and deploy all updates as soon as possible to help prevent criminal attacks.

To learn more about patching challenges and techniques, read our interview with Wolfgang Kandek, who offers his extensive knowledge on the subject.
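
A read-only check for the DLL preloading workaround recommended above, as an added example that is not from the article, Qualys or Microsoft: it reports the `CWDIllegalInDllSearch` registry value that KB2264107 introduces, both system-wide and per application. The key paths and value meanings are taken from KB2264107 rather than from this page, the function names are hypothetical, and the setting only takes effect where the KB2264107 update is present.

```powershell
# Added example: read-only audit of the KB2264107 DLL search-path setting.
# Registry paths and value meanings follow KB2264107; nothing is modified.
$ValueName = 'CWDIllegalInDllSearch'
$SystemKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
$IfeoKey   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'

function Get-CwdSearchValue {
    param([string]$Path)
    $item = Get-ItemProperty -LiteralPath $Path -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    # A DWORD of 0xFFFFFFFF may surface as -1; normalise to an unsigned number.
    $n = [int64]($item.$ValueName)
    if ($n -lt 0) { $n += 4294967296 }
    return $n
}

function Get-CwdSearchMeaning {
    param($Value)
    if ($null -eq $Value) { return 'not set: default search order, CWD is searched' }
    switch ($Value) {
        0          { return 'default search order, CWD is searched' }
        1          { return 'DLL load from CWD blocked when CWD is a WebDAV folder' }
        2          { return 'DLL load from CWD blocked when CWD is remote (WebDAV or UNC)' }
        4294967295 { return 'CWD removed from the default DLL search order' }
        default    { return 'unrecognised value, review manually' }
    }
}

function New-CwdSearchRow {
    param([string]$Scope, $Value)
    $shown = if ($null -eq $Value) { 'not set' } else { '0x{0:X8}' -f $Value }
    [pscustomobject]@{ Scope = $Scope; Value = $shown; Meaning = Get-CwdSearchMeaning $Value }
}

# System-wide setting first, then any per-application overrides.
$rows = @(New-CwdSearchRow -Scope 'system-wide' -Value (Get-CwdSearchValue -Path $SystemKey))
Get-ChildItem -LiteralPath $IfeoKey -ErrorAction SilentlyContinue | ForEach-Object {
    $v = Get-CwdSearchValue -Path $_.PSPath
    if ($null -ne $v) { $rows += New-CwdSearchRow -Scope $_.PSChildName -Value $v }
}
$rows | Format-Table -AutoSize
```

A "not set" or `0x00000000` system-wide row means the host still searches the current working directory, which is the condition the workaround is meant to close for remote and WebDAV locations.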

