CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
February 10th, 2009

Microsoft Releases February Security Bulletin For 8 Security Vulnerabilities

Microsoft shipped four bulletins with patches for at least 8 documented security vulnerabilities affecting Windows users and warned that “consistent exploit code could be easily crafted” to launch attacks via the Internet Explorer browser. The security update is rated Critical for Internet Explorer 7 running on supported editions of Windows XP and Windows Vista. For Internet Explorer 7 running on supported editions of Windows Server 2003 and Windows Server 2008, this security update is rated Moderate.

The Patch Tuesday batch includes fixes for a pair of code execution holes in IE, two bugs in the Microsoft Exchange Server, a remote code execution issue in the Microsoft SQL Server, and three separate flaws haunting users of Microsoft Office Visio.

The Internet Explorer bulletin (MS09-002) should be treated with urgency because the flaws can be exploited to launch drive-by download attacks.

The Microsoft warning that consistent exploit code was likely suggests that it’s very easy for an attacker to host a specially crafted Web site and attack unpatched users who surfed to the rigged Web site. The attacker could also take advantage of compromised Web sites and Web sites that accept or host user-provided content or advertisements. These Web sites could contain specially crafted content that could exploit this vulnerability.

The first vulnerability could allow remote code execution if a specially crafted TNEF message is sent to a Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could take complete control of the affected system with Exchange Server service account privileges. The second vulnerability could allow denial of service if a specially crafted MAPI command is sent to a Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could cause the Microsoft Exchange System Attendant service and other services that use the EMSMDB32 provider to stop responding.

Users and administrators should review the bulletins and apply the updates. http://www.microsoft.com/technet/security/bulletin/ms09-feb.mspx

Share this item with others:

More on CyberInsecure:
  • Microsoft Patch 14 PowerPoint Vulnerabilities, Adobe Patch Reader And Acrobar 0-day Vulnerability
  • Microsoft Releases Emergency Patch For Critical Windows Vulnerability
  • Microsoft Patches Critical Database And Office Flaws
  • Record Number Of Vulnerabilities Fixed In Microsoft’s Patch Tuesday
  • Microsoft Patches At Least 20 Vulnerabilities In April 2009 Update

    • Posted in Microsoft, Vista, Vulnerabilities, Windows | Print This Post Print This Post

    This entry was posted on Tuesday, February 10th, 2009 at 2:37 pm and is filed under Microsoft, Vista, Vulnerabilities, Windows. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

    If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Microsoft Releases February Security Bulletin For 8 Security Vulnerabilities

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    *
    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.

    « «
    » »