Must Have Security Fixes For Ie7, Microsoft Servers

[Peaches]

Must-Have Security Fixes for IE7, Microsoft Servers

Erik Larkin

Today's monthly patch batch from Microsoft fixes a critical flaw in Internet Explorer 7 that could allow a malicious Web site to install malware on a vulnerable PC, along with a patch for the Visio diagramming software. And businesses that run a Microsoft Exchange or SQL server will want to apply essential fixes right away.

Microsoft's bulletin says attack code that targets the MS09-002 IE7 flaw "can be crafted easily," so be sure you get this one via Windows Update. The Internet Storm Center posts that there aren't yet any known attacks, but it affects both XP and Vista. But only IE7, interestingly, and not earlier versions of the browser.

You'll also find a fix for the Visio software which can allow an attacker to run any command if you open a hacked Visio file. The program is popular among network and server administrators who typically have far-reaching permissions on their networks, so I wouldn't be at all surprised to see a targeted attack come along that goes after this flaw. Get more info and the patch from the MS09-005 bulletin.

See more here: http://www.pcworld.com/article/159311/arti...ml?tk=nl_spxblg