
Microsoft critical security patches

by Nikola Strahija on October 13th, 2005

Microsoft has released nine security patches, including three critical fixes for Windows OS and Internet Explorer.


Security researchers believe that two now-patched bugs in Windows components could be exploited by attackers in the same way the Zotob family of worms attacked systems two months ago.

The patches were released late yesterday in the usual monthly security release from the software giant. Two of the critical updates concern Internet Explorer and Microsoft's DirectShow media streaming software. A third concerns the COM+ services included with Windows as well as the Microsoft Distributed Transaction Coordinator (MSDTC), a component of the operating system that is commonly used by database software to help manage transactions.

It is these last two vulnerabilities that have security researchers concerned because of their similarity to the Windows Plug and Play (PnP) system vulnerability reported last August. Within a week of its disclosure, that flaw was exploited by the authors of the Zotob worm. Variations of this attack eventually knocked hundreds of thousands of machines offline, primarily affecting Windows 2000 users.

Security researchers say that another Zotob-style worm outbreak is now a possibility. "The COM+ and MSDTC vulnerabilities have a very similar appearance to the PnP vulnerability that caused Zotob," said Mike Murray, director of vulnerability and exposure research for nCircle.

The DirectShow bug lets attackers trick users into viewing malicious programs that appear to be legitimate multimedia files; the attackers can then seize control of unpatched Windows systems. It has been rated critical for Windows XP, Windows 2000, Windows Server 2003, Windows 98 and Windows ME.

The other security updates released Tuesday include "important" patches for Client Services for NetWare, the Windows Plug and Play system, Microsoft Collaboration Data Objects, and the Windows Shell. "Moderate" bugs have also been patched in the Windows FTP client and the Network Connection manager.

