◎welcome to give out your point。
※ Categories
※ Products
nina Published in the 20:43:24
Microsoft issues critical ispraaMicrosoft on Tuesday issued five critical updates related as part of its monthly Patch Tuesday release.
While the issues affect various versions of Windows in different ways, Microsoft says, none of the issues apply to the final version of Windows 7, which Microsoft wrapped up in July.
Five papers address eight vulnerabilities. According to Symantec Security Response research manager Ben Greenbaum, two vulnerabilities are likely to be used by attackers to attract Windows handles ASF and MP3-media files. "We saw similar feats in the past, all a user would have to do is visit a compromised website hosting one of these malicious files that could be MP3, WMA or WMV files, and they can become infected."
McAfee Avert Labs director Dave Marcus said that two of the shortcomings, in particular, relate to the serious vulnerabilities in the network components Windows Vista, Windows Server 2008 and Windows Server 2003 that could allow for malicious programs to spread from one computer to another.
"These vulnerabilities are most likely to be used by malware and are two of the best candidates of the worm, that we saw after Conficker" Marcus said in a statement. "It says, all this security bulletins address vulnerabilities that could allow an attacker to take complete control of vulnerable PCs."
In addition, Microsoft said that the re-issued a bulletin last month, address the additional controls were vulnerable to the issue with the Microsoft Active Template Library.
Greenbaum noted that Microsoft has yet to release a patch for a zero-day flaw in Internet Information Services, which was released last week. "Until a patch to implement this as a temporary solution, we offer IT administrators to use IIS 5.0 and 6.0 turn off anonymous access to write immediately," said Greenbaum. "We also recommend that you use a firewall and restrict access to create directories. Those who are using IIS 7.0 with FTP-service version 6.0 should upgrade to version 7.5 FTP-service."
There are already some of the attacks seen on the basis of this defect.
"Although the company did not release an update this month, he will do so as soon as it reached the appropriate level of quality for broad distribution," said Microsoft.
Meanwhile, Microsoft Tuesday announced that it is investigating another zero-day issue, this lack of reports in Windows Vista and Windows 7.
With regard to the patches Microsoft released on Tuesday, Qualys CTO Wolfgang Kandek noted that some papers very interesting, because they either affect only new operating system or the more critical in later versions - the opposite of what is usually the case. In general, he said, five windows patches should keep his workers busy.
"Because of the critical patches and broad coverage of the operating system, it will be a busy day for IT administrators", Qualys CTO Wolfgang Kandek said in an e-mail.
tation Windows
While the issues affect various versions of Windows in different ways, Microsoft says, none of the issues apply to the final version of Windows 7, which Microsoft wrapped up in July.
Five papers address eight vulnerabilities. According to Symantec Security Response research manager Ben Greenbaum, two vulnerabilities are likely to be used by attackers to attract Windows handles ASF and MP3-media files. "We saw similar feats in the past, all a user would have to do is visit a compromised website hosting one of these malicious files that could be MP3, WMA or WMV files, and they can become infected."
McAfee Avert Labs director Dave Marcus said that two of the shortcomings, in particular, relate to the serious vulnerabilities in the network components Windows Vista, Windows Server 2008 and Windows Server 2003 that could allow for malicious programs to spread from one computer to another.
"These vulnerabilities are most likely to be used by malware and are two of the best candidates of the worm, that we saw after Conficker" Marcus said in a statement. "It says, all this security bulletins address vulnerabilities that could allow an attacker to take complete control of vulnerable PCs."
In addition, Microsoft said that the re-issued a bulletin last month, address the additional controls were vulnerable to the issue with the Microsoft Active Template Library.
Greenbaum noted that Microsoft has yet to release a patch for a zero-day flaw in Internet Information Services, which was released last week. "Until a patch to implement this as a temporary solution, we offer IT administrators to use IIS 5.0 and 6.0 turn off anonymous access to write immediately," said Greenbaum. "We also recommend that you use a firewall and restrict access to create directories. Those who are using IIS 7.0 with FTP-service version 6.0 should upgrade to version 7.5 FTP-service."
There are already some of the attacks seen on the basis of this defect.
"Although the company did not release an update this month, he will do so as soon as it reached the appropriate level of quality for broad distribution," said Microsoft.
Meanwhile, Microsoft Tuesday announced that it is investigating another zero-day issue, this lack of reports in Windows Vista and Windows 7.
With regard to the patches Microsoft released on Tuesday, Qualys CTO Wolfgang Kandek noted that some papers very interesting, because they either affect only new operating system or the more critical in later versions - the opposite of what is usually the case. In general, he said, five windows patches should keep his workers busy.
"Because of the critical patches and broad coverage of the operating system, it will be a busy day for IT administrators", Qualys CTO Wolfgang Kandek said in an e-mail.
tation Windows
Read the full text() | Shore comments(0) | Trackbacks(0) | Their classification:Security
Tags:Microsoft security Patch Tuesday Windows
Articles related:
Microsoft reports of attacks using the vulnerability of IIS (2009-9-5 17:57:9)
The motion detection phone helps the front guard (2009-9-4 15:44:50)
Microsoft pushes for a single global patent system (2009-9-3 15:46:26)
Microsoft issues Advisory server deficiency (2009-9-2 18:25:43)
10-Opera browser is here (2009-9-1 22:1:38)
Windows Mobile 6.5 handsets coming Oct. 6 (2009-9-1 21:44:9)
Microsoft re-announced investigation IIS disadvantage (2009-9-1 21:21:18)
Snow Leopard: Great news for Windows 7 too (2009-9-1 20:29:2)
Google patches serious security vulnerabilities Chrome (2009-8-29 15:26:17)
ACLU chapter flags Facebook App privacy (2009-8-29 15:23:53)