August 11, 2005

As to be expected, Microsoft just released new patches for six new Internet security flaws in Internet Explorer (IE) as well as its Windows operating system, as part of its regular monthly security update.

The patches are available at http://www.microsoft.com/security/bulletins/200508.mspx.

Three are rated as 'critical' weaknesses that could allow hackers to gain control of computers. The critical bugs concern Windows Plug-and-Play system, Print Spooler software and the IE browser's image rendering software.

Less serious weaknesses are highlighted in Windows Telephony Service and Remote Desktop Protocol, and in the Windows implementation of the Kerberus authentication protocol.

Marc Maiffret, co-founder and chief hacking officer at eEye Digital Security, said that users urgently need a patch for the Windows Plug-and-Play system, claiming that hackers are likely to publish an exploit in the next 48 hours that will lead to widespread attempts to attack computers. The problem is most serious on Windows 2000 systems.

"To avoid remote exploitation, organisations of all sizes should address these particular vulnerabilities immediately," he said.

"The window to remediate is diminishing as hackers become more sophisticated in their ability to exploit vulnerabilities such as these."

Microsoft said that Windows Server 2003 and Windows XP systems with major security updates are less vulnerable, but could still be affected by certain remote users or those within local systems.

Stephen Toulouse, a programme manager at Microsoft's Security Response Center, claimed that newer operating systems were less vulnerable to the flaws, and that security practices have improved since the last major worm attacks were unleashed.

Security firm Symantec said that the IE patch concerns the way the browser renders JPEG images and could be used to take over a computer via malicious web pages, email or instant messaging.

Oliver Friedrichs, senior manager at Symantec Security Response, said: "Microsoft's latest release continues the trend of client-side vulnerabilities. The potential for graphical image-based exploits is especially concerning as it affects multiple applications and requires no user interaction.

"We recommend applying the updates as soon as possible and to be aware of phishing schemes that attempt to lure users to malicious sites."

Chris Andrews, vice president of product management at security services firm PatchLink, added: "The print spooler flaw means that every business using Windows servers will have at least one system that needs this patch. Getting the necessary patches applied is the only solution."

Source: Vnunet

Save Internet Security.ca's URL to the list of your favorite web sites in your Web browser by clicking here.

Become an authorized reseller of Proxy Sentinel™ and Firewall Sentinel™. Do like the rest of our authorized resellers and have your clients benefit the important security features of our products and solutions, while increasing your sales at the same time. Click here for all the details.

You can link to the Internet Security web site as much as you like. Read our section on how your company can participate in our reciprocal link exchange program and increase your rankings in the major search engines such as
Google and all the others.