Microsoft Corp. on Thursday announced its plans for releasing three security patches as a part of its convention Patch Tuesday cycle, with one of the vulnerabilities has been rated “critical” that allows hackers to carry out remote code execution on a victim’s computer.
The critical vulnerability, which affects Windows 2000, XP, Vista along with Windows Server 2003 and 2008, enables attackers to seize control over the user’s PC by launching remote code execution, and is scheduled to be patched in the security bulletin to be released on upcoming Tuesday, the software maker said in an advisory.
Besides, the other two updates are rated as “important”, and could be used for launching ‘spoofing’ attacks only, and while one of these “important” updates affects all the operating systems as the “critical” patch, the other has a limited scope, and covers only Windows 2000, Windows Server 2003 and 2008.
Surprisingly, the company hasn’t announced any patch for the much touted zero-day flaw affecting Microsoft Office Excel application that attackers have been targeting in past few weeks.
However, in an advisory issued on 24 February, the software company notified that the bug could enable a hacker to carry out arbitrary code if a specially designed Excel file tries to access an invalid object.
Go To Page 2 for our comments and more related links
Amongst one of the important things that a company system administrator needs to have in its to do list is a proper patch roll out scheme. Just check that yours is in place. As Windows Vista becomes more mature, there's less of a chance of attacks. Actually most of the threats in the past few months are browser-based.
(Redmond Channel Partner)