|
Microsoft on Tuesday afternoon alerted users of a trio
of new security vulnerabilities in Windows and Internet Explorer,
one of which was characterized by its discoverer as even more
dangerous than the flaws that spawned some of the biggest
worms of all time, Nimda and Code Red.
There is no work-around for the vulnerability, Microsoft
said in the security bulletin issued Tuesday; the only way
to correct the problem is to install the fix, which is available
through the Windows Update service. Windows NT 4.0, Windows
2000, Windows XP, and Windows Server 2003 are all affected
and must be patched.
One of the other two bulletins, also rated "critical,"
relates to Internet Explorer. The patch corrects three newly-announced
vulnerabilities that include flaws in the browser's security
model, Internet Explorer versions 5.01 and later are affected.
The third bulletin, ranked as "important," applies
to Windows NT, Windows 2000, and Windows Server 2003, and
stems from a problem in how Windows' Internet Naming Service
(WINS) validates data packets. Hackers could exploit this
bug to bring down a WINS server.
"These are potentially catastrophic vulnerabilities,"
said Marc Maiffret, the chief hacking officer at eEye. "It's
imperative that organizations immediately apply the appropriate
patches to ensure their systems are secure."
Read
more
|
