Skip to main content

Microsoft Repairs "Critical" Flaw In Latest Patch Tuesday Release

Microsoft's most recent Patch Tuesday update has delivered fixes for three security vulnerabilities in Windows, including one labelled as "critical".

The company released two security bulletins, MS11-002 and MS11-001, and has advised users to deploy MS11-002 as quickly as possible.

According to Computer World, MS11-002, patches two vulnerabilities, one rated critical and the other as important.

The critical vulnerability concerns Internet Explorer and can allow hackers to initiate a "drive-by attack", luring users into visiting malicious websites. The vulnerability exploits a flaw in the Microsoft Data Access Components (MDAC) Active X control that allows IE to access the system's database.

Only users running IE as their web browser are at risk from the flaw.

“Attackers can exploit the critical vulnerability in MS11-002 by getting users to browse to a malicious Web site,” a security expert with Qualys' research lab told Computer World.

The second bulletin, MS11-001, patches a vulnerability that only affects Microsoft's Windows Vista operating system, specifically repairing a bug in the operating system's back-up manager program.