Thursday, February 23, 2006

I found this information that I thought all should be aware of and get the updates as you needed them. Some of these sound important enough to make one wonder how far crackers will go to get into your system. I have corrected one word in here that is not quite true as hackers are not the bad guy but crackers are.

This info also includes links back to the information its referring to as well.

Sheri Robinson

MS Patch Tuesday: February 2006 February 14, 2006 NEWS
By Pedro Hernandez

Microsoft patches seven vulnerabilities this month, one of which bears an uncanny resemblance to last month's big security scare.

1. This month, the company is patching another Critical WMF vulnerability in IE (MS06-004) affecting its graphics rendering engine. The flaw, like its cousin, could make it possible for a system to get cracked if exploited.

2. The company is also releasing a fix for various versions of Windows Media Player (6.4 through 10 depending on OS) (MS06-005) that carries a Critical rating. Also capable of giving a cracker access to the system if exploited, the vulnerability is triggered when the media player processes a "certain" file, in this case a .bmp (bitmap) with embedded malicious code.

3. Another WMP-related fix (MS06-006) addresses vulnerability when the player is invoked as a plug-in for non-IE browsers. A malicious site using a deviously coded EMBED element in its code could compromise a visitor's system if not patched. This flaw is rated Important.

4. Also in the important column are fixes to the Windows Web Client Service (MS06-008) and the Korean Input Method Editor in both Windows and Office (MS06-009), both of which can lead to remote access by an attacker.

5. Another vulnerability in the Windows implementation of IGMP v3 (Internet Group Management Protocol) (MS06-007), also rated important, could make it possible for a denial of service scenario. Essentially, if Windows XP and 2003 encounter a bad IGMP packet, the system could quit responding.

6. Lastly, PowerPoint 2000 gets some attention in the form of an update (MS06-010) that prevents the presentation software from disclosing information stored in the Temporary Internet Files Folder to remote attackers.

7. Not to be left out, the Malicious Software Removal Tool receives new malware signatures this month. Detection has been added for Alcan, Badtrans, Eyeveg, and Magistr families of worms and viruses.

Next month's updates are scheduled for March 14, 2006.

In related security news, Microsoft has released Windows Defender Beta 2. According to the FAQ, the software features not only an improved UI, but also Automatic Updates support and enhanced detection and removal capabilities. Also new to this version is system-wide protection across all user accounts. Now, the software runs for all users beyond administrator accounts.


Post a Comment

<< Home