Microsoft To Patch Three Vulnerabilities Tuesday

Published: 22/11/2024   Category: security




January's software update won't fix two zero-day bugs being exploited by attackers.



Microsoft is set to issue two security bulletins, collectively patching three vulnerabilities, as part of January's Patch Tuesday.
The first security bulletin, rated as critical, affects all supported versions of Windows. The second, rated important, affects Windows Vista. Attackers could exploit the vulnerabilities to execute remote code on a targeted computer. "As always, we recommend that customers deploy these updates as soon as possible," said Microsoft.
This month's Patch Tuesday, however, won't address two zero-day vulnerabilities which attackers are reportedly already actively exploiting.
On Tuesday, Microsoft confirmed a zero-day vulnerability that affects its graphics rendering engine, which an attacker could use to install programs, delete data, or create new user accounts. Microsoft also issued mitigation instructions, as well as a Fixit Button that home users and small businesses can use to mitigate the vulnerability.
Microsoft also released a suggested workaround for a zero-day CSS-related vulnerability that affects all versions of Internet Explorer. The flaw was recently disclosed by Google researcher Michal Zalewski, and later confirmed by French vulnerability research firm Vupen.
"The vulnerability exists due to the creation of uninitialized memory during a CSS function within Internet Explorer. It is possible under certain conditions for the memory to be leveraged by an attacker using a specially crafted Web page to gain remote code execution," said Microsoft.
According to Carlene Chmaj, senior response communications manager for Microsoft trustworthy computing, "we have started to see targeted attacks using the CSS exploit."
Accordingly, beyond next week's Patch Tuesday, there is also potential for further updates this month, said Qualys CTO Wolfgang Kandek.
Finally, there are two additional vulnerabilities currently being explored by security researchers. Both affect IE, and proof of concept attack code exists. "We expect Microsoft to acknowledge them soon," said Kandek.
