Peaches Posted July 9, 2010 Report Share Posted July 9, 2010 9 July 2010, 11:19WIndows Support Center patch due Tuesday Microsoft has confirmed that this Tuesday, July 13th, it is planning to release a patch to fix the security vulnerability in its Help and Support Center. It's reported that the vulnerability is already being actively exploited by criminals to infect PCs. Infection merely requires a user to visit a specially crafted web page – many such web pages are present on ordinary websites which have been hacked. The main target at the moment is Windows XP, as the in-the-wild exploit does not yet work on other versions of Windows. Microsoft is also planning to fix a two month old bug relating to Aero and display drivers used in the 64-bit version of Windows 7 and Server 2008. By displaying specially crafted images, an attacker could compromise a victim's system, although Microsoft has yet to fully explain the specifics of how the vulnerability might be exploited. Additionally, there are two updates to fix critical vulnerabilities in Office. Support for all Windows 2000 products and for Windows XP SP2 also ends this month. There will then be no further patches and even critical security vulnerabilities will remain unfixed. The knowledge base will, however, still be maintained as a free online self-help resource. http://www.h-online.com/security/news/item/WIndows-Support-Center-patch-due-Tuesday-1035102.html Quote Link to post Share on other sites
Peaches Posted July 9, 2010 Author Report Share Posted July 9, 2010 July 8, 2010 2:45 PM PDT Microsoft to patch Windows, Office flaws Microsoft said on Thursday that it expects to issue four security bulletins as part of next week's Patch Tuesday, closing critical holes in both Windows and Office. The four bulletins cover a total of five vulnerabilities, including a Windows Help Center flaw that had been disclosed publicly by a Google researcher. Of the two Windows-related bulletins, one is rated critical for Windows XP and low for Windows Server 2003, while the other affects only the 64-bit version of Windows 7. On the Office front, one bulletin is related to the Access database and is rated critical for the 2003 and 2007 versions of the product. The other is related to Outlook and is rated as important for Outlook 2002, 2003, and 2007. Microsoft will release more details when it issues the patches on Tuesday. Earlier this week the company said it is investigating a vulnerability in Windows XP and Windows 2000. Update, 4:40 p.m.: Microsoft confirmed that the patches include a fix for the Windows Help Center zero-day flaw identified by a Google engineer last month. "The Windows Help and Support zero-day vulnerability will be included in the July bulletin release," Microsoft group manager Jerry Bryant said in a statement. "We were in the early phases of investigation when details on this issue were publicly released on June 9th. We were originally targeting an August release, but we had to accelerate our efforts, based on attacks impacting Windows XP customers." Attacks based on that flaw cropped up within days of its public disclosure. Because the vulnerability affected only two versions of Windows, Bryant said Microsoft was able to speed up the patch's release. Originally posted at Beyond Binaryhttp://news.cnet.com/security/ Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.