
By Dawn Kawamoto
Posted on ZDNet News: Jun 14, 2005 8:18:00 PM

Microsoft on Tuesday issued three "critical" patches for flaws that could allow a malicious attacker to take remote control of a computer.

One fix deals with vulnerabilities in Internet Explorer, while the others tackle problems with HTML Help and Server Message Block in the Windows operating system. The security bulletins were three of 10 released by the software giant as part of its monthly patch cycle.

"This is definitely a significant set of patches," said Jimmy Kuo, a McAfee fellow. "We have three remote code execution patches--one being for IE, which is prevalent. The other two are for HTML Help and Server Message Block, which are also installed on all PCs with Windows."

The other security bulletins included four rated "moderate" that affect Windows and the Exchange e-mail server. Three "important" alerts address problems in Windows, Windows Services for Unix, Internet Security and Acceleration Server and Small Business Server.

Microsoft's rating system deems a security issue as critical--its highest ranking--if it could enable a worm to spread without any action from the PC user. Important flaws are those that could compromise people's data or threaten system resources, while the risk from moderate security holes can be restricted by measures such as configuring the default.

The three critical flaws could allow an intruder to take control of a computer, Microsoft said. The problem in IE is a PNG Image Rendering Memory Corruption vulnerability and affects a range of versions, including IE 6 for Windows XP Service Pack 2.

PNG images are similar to JPEGs and are used in many multimedia formats. The IE vulnerabilities involve malformed fields that are encountered when the image is read or processed. That can result in a buffer overflow and open the system to a remote attacker.

"The PNG vulnerability is the most significant of the three," said Vincent Weafer, a senior director at Symantec Security Response. "This is a file format flaw and it's not something users are thinking of, which is why they need to watch out for it."

The Windows HTML Help vulnerability affects Windows XP Service Packs 1 and 2, Windows 2000 Service Packs 3 and 4, and other versions and service packs.

Although the Server Message Block flaw could let an intruder into a PC, the attacker needs to be authenticated on the system to exploit the vulnerability. Among the Windows versions threatened by the flaw are Windows XP Service Packs 1 and 2 and Windows 2000 Service Packs 3 and 4.

Microsoft gave IT administrators a heads-up about the fixes last week as part of its prenotification process. It said it expected "at least one" critical vulnerability among the 10 bulletins that were coming.

Last month, Microsoft's monthly patch cycle contained less severe vulnerabilities, as it issued only one important fix for its Windows 2000 Service Packs 3 and 4. The flaw would allow a malicious attacker to execute arbitrary code and take over users' computers if they were persuaded to view a malicious file.
