
Microsoft Releases Patches To Plug Key Vulnerabilities In Its Products

Microsoft is recommending that users apply its November patch update immediately to avoid any undesired consequences later. The update, released last Tuesday, addresses as many as 15 vulnerabilities in Windows, Windows Server and the Office suite.

Of the six bulletins released in this month’s ‘Patch Tuesday’ cycle, MS09-065 is being described as the most ‘critical’. It fixes three vulnerabilities in the Windows kernel.

Of these three vulnerabilities, the one affecting the way the Windows kernel parses ‘Embedded OpenType’ fonts is regarded as the most significant, because the third party that reported it to the software maker has also made it public.

Security analysts report that this vulnerability, which lies in the font parsing subsystem of the win32k.sys driver, could be exploited by attackers to perform remote code execution on the victim’s computer and seize control of the system’s resources.

A proof-of-concept exploit of the vulnerability has already been integrated into the Metasploit point-and-click tool.

According to HD Moore from Metasploit, the code triggers a ‘blue screen of death’, or simply ‘BSoD’, from a web page, and he expects to achieve code execution very soon simply by making some modifications to it.

Désiré has been musing and writing about technology during a career spanning four decades. He dabbled in website building and web hosting when DHTML and frames were en vogue and started writing about the impact of technology on society just before the start of the Y2K hysteria at the turn of the last millennium. Following an eight-year stint at ITProPortal.com where he discovered the joys of global tech-fests, Désiré now heads up TechRadar Pro. Previously he was a freelance technology journalist at Incisive Media, Breakthrough Publishing and Vnunet, and Business Magazine. He also launched and hosted the first Tech Radio Show on Radio Plus.