Microsoft released a slew of security patches, two of which fix critical Windows and Internet Explorer vulnerabilities, as the flood of traffic from the MyDoom worms continued.
A critically-rated cumulative patch for Internet Explorer (IE) was unveiled, correcting three newly discovered flaws in the popular web browser. The worst involves IE's cross-domain security model and could result in the remote execution of malicious code on a susceptible computer system. In addition, the company fixed a drag-and-drop operation hole and a vulnerability that could allow an attacker to deceive users into believing they are at a specific URL address.
Windows systems were also found to be vulnerable to a security hole in Microsoft's ASN.1 Library. ASN.1 (Abstract Syntax Notation 1) is a language for exchanging messages between applications and Internet-enabled devices such as cellular phones. According to Microsoft, a buffer overflow in the implementation of ASN.1 could enable a hacker to execute code on PCs running Windows NT, Windows 2000, Windows XP and Windows Server 2003.
Two additional flaws, both rated 'important', were also discovered in the software giant's products. Microsoft's server operating systems contained a security vulnerability in the Windows Internet Naming Service (WINS) that could allow remote execution of malicious code, while Virtual PC for Mac turned out to be open to privilege elevation.
As Microsoft released its monthly updates, its main web site continued to be under heavy attack from PCs infected with viruses from the MyDoom family of worms. Svetlozar Online advises all Microsoft customers to immediately apply all appropriate patches and use, if needed, the following web address: http://information.microsoft.com, or the Windows Update web service.