Users login

Create an account »


Users login

Home » Hacking News » Three critical patches in MS August update

Three critical patches in MS August update

by Nikola Strahija on August 11th, 2005 Microsoft's patch bandwagon rolled into town yesterday loaded with three critical updates among a total of six security alerts. A cumulative security update for Internet Explorer, a buffer overflow vulnerability in Windows Plug-and-Play and a security bug in the Print Spooler service all pose a severe hacker risk.

A flaw in IE's JPEG image rendering creates a means for virus writers to infect vulnerable systems simply by tricking users into viewing a malicious constructed image. The same IE mega-patch also deals with an error in the way COM objects are launched which could lead to memory corruption problems and a validation error revolving around the interpretation of certain URLs that creates scripting risks.

The Plug-and-Play vulnerability is considered even worse. Security vendor eEye notes that the vulnerability with Windows Plug-and-Play is similar to vulnerabilities historically exploited to create worms such as Blaster and Sasser. Security tools vendor ISS is even more stark in its warning.

-This vulnerability is remotely exploitable in the default configuration of Windows 2000, and is present in all modern Windows operating systems. There is a high probability that this vulnerability will be exploited in an automated fashion as part of a worm on Windows 2000, it said.

The three critical patches deal with XP, Win 2003 and Win 2000, so just about everyone running Windows will have some patching to do. Microsoft also re-releasing MS05-023 on Tuesday to reflect the fact that Microsoft Word 2003 Viewer is also affected by a vulnerability rated as critical.

Redmond also issued an "important" security update covering a vulnerability in Windows telephony service that could allow remote code execution. Two "moderate" bulletins covering a DoS risk involving flaws Window's Remote Desktop Protocol and bugs in Microsoft's implementation of the Kerberos security protocol.

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.


Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »