Microsoft To Patch Three Zero Day Vulnerabilities

Published: 22/11/2024   Category: security




Tuesday will bring 22 fixes from Microsoft, as well as Adobe patches for Acrobat and Reader.



Microsoft's February Patch Tuesday will see the release this week of 12 security bulletins, patching a total of 22 vulnerabilities, including three that could be exploited via zero-day attacks.
According to Wolfgang Kandek, CTO of Qualys, these vulnerabilities have seen limited exploits in the wild, so applying the update is highly recommended.
One of those bugs, a CSS-related vulnerability that affects all versions of Internet Explorer, was disclosed in late 2010 by a Google researcher. By early January, security firms reported that attackers were actively exploiting the bug.
Microsoft will also patch a zero-day vulnerability in the Windows Graphics Rendering Engine. Attackers could exploit the flaw using malicious thumbnail images, and execute arbitrary code at the user's permission level.
The third zero-day vulnerability to be patched is an FTP service bug, first acknowledged in December 2010, that affects Internet Information Services (IIS) 7.0 and 7.5, although not IIS Web Services. While attackers could exploit this vulnerability to create a denial of service, Microsoft said it was unlikely they could remotely execute code. Also, most organizations that use IIS likely won't be vulnerable, since the IIS FTP service is not installed by default, and even when installed, is not enabled by default.
The other forthcoming patches will address less-critical bugs affecting Microsoft Windows, Visual Studio, and Microsoft Office's Visio, versions 2002, 2003, and 2007.
All told, three of Microsoft's security bulletins rate as critical, while nine are important, meaning that they typically can't be used to remotely run exploit code.
Two zero-day exploits currently targeting Microsoft products, however, won't be addressed in Tuesday's security update. Notably, a recently disclosed vulnerability in MHTML affects all versions of Windows. Microsoft acknowledged the bug 10 days ago and released a temporary workaround while it develops a permanent fix.
In other vulnerability remediation news, Tuesday will also see the release of a new batch of patches from Adobe as part of its quarterly bug-fix release cycle. Adobe said it will patch critical vulnerabilities in Adobe Reader X (aka version 10) and earlier versions for Windows and Macintosh, and Adobe Acrobat X and earlier versions, likewise for Windows and Macintosh. Adobe said that while Reader 9.4.1 for Unix contains critical vulnerabilities too, it won't see a patch before the end of February.
