February 11, 2009

Critical IE, Exchange and Visio flaws discovered

Microsoft today released four patch bundles to fix at least eight security vulnerabilities in PCs powered by its Windows operating system and other software. The fixes are available through Microsoft Update or via Automatic Updates.

Half of the flaws fixed in February's patch batch earned Microsoft's most urgent "critical" rating, meaning attackers could wield them to break into vulnerable systems with little or no assistance from users, aside from maybe convincing users to visit a booby-trapped web site or open a specially-crafted e-mail.
Two of the critical vulnerabilities reside in Microsoft's Internet Explorer 7 Web browser (Microsoft says IE6 is not affected).
The other two critical flaws Microsoft fixed are found in Microsoft. The Exchange vulnerability is especially serious for businesses, because an attacker could seize control over an Exchange server merely by sending a well-crafted e-mail attachment to a company's Exchange server.
The two remaining updates fix a privately reported vulnerability in SQL Server database software, and three privately reported flaws in Microsoft Office Visio.

No comments: