|
|
|
Top Stories
|
ActiveX update stars in Patch Tuesday critical quintet9 Apr 2008 10:34 It's that time of the month again
Microsoft released five critical patches on Tuesday as part of its latest Patch Tuesday update. The release also included three bulletins over security flaws rated by Redmond as "important". The worst of the quintet is a flaw in ActiveX. This update also includes a kill bit for the Yahoo! Music Jukebox product, the topic of a proof of concept exploit. Proof that the security bug can be misused makes it a higher risk than the other four critical updates. The other updates include a cumulative update for Internet Explorer, as well as Office and Windows fixes. Vista is as affected by these critical bugs as XP. Windows Servers are less exposed to these updates, but still need patching. Observers such as the SANS Institute's Internet Storm Centre (ISC) think Microsoft has underestimated the seriousness of its three important updates. The ISC reckons a flaw that leaves Windows DNS clients vulnerable to spoofing because of entropy in a random number generator is better thought of as critical. It also considers an input validation vulnerability in the windows kernel that allows privilege escalation, and multiple input validation vulnerabilities in Visio that might allow code injection, to be worse risks than Redmond cares to acknowledge. The Microsoft April Patch Tuesday summary can be found here. ISC's easier to understand Black Tuesday Overview is here. In other patching news, Adobe pushed out a patch on Tuesday to addresses multiple vulnerabilities in Adobe Flash Player. Users are advised to update to version 9.0.124.0 of Adobe Flash to guard against potential code injection and cross site scripting risk. Adobe's bulletin can be found here. Security notification firm Secunia has published a more readable overview here. ® 7 comments posted — Comment period finished Vista Advanced Security...Posted: 11:10 9th April 2008 i particularly liked...Posted: 11:20 9th April 2008 The OS is secure. The apps are Swiss cheese.Posted: 11:37 9th April 2008 @Ken HagenPosted: 13:03 9th April 2008 @Robert HarrisonPosted: 14:41 9th April 2008
Track this type of story as a custom Atom/RSS feed or by email. Related storiesApple unleashes monster patch batch on Mac faithful (19 March 2008)
|
Breaking Hardware News
Qimonda began sampling 512Mb GDDR 5 memory silicon in November 2007 and now, six months on, it's ready to ship the chip in volume - if anyone wants it, that is.
Newsletter |
|
![[Printer]](/Design/graphics/icons/printer_friendly.png "Printer-friendly version"){kind=icon}
![[Mobile]](/Design/graphics/icons/mobile.png "The Register Mobile"){kind=icon}
Previous Article
