All the latest UK technology news, reviews and analysis

Microsoft ships 'critical' security patches

by Tom Sanders in California

11 Jan 2006

Be the first to comment

  • Tweet this
Microsoft
Both flaws could allow attackers to take control of an affected system

Microsoft has published two security updates for its Windows operating system, both of which carry the software giant's most severe rating of 'critical'.

The first patch targets a vulnerability in the way that Windows handles embedded web fonts. Attackers could use the hole to take control of an affected system. 

Further reading

Embedded web fonts allow documents to come bundled with the appropriate fonts to ensure that they are properly displayed. The technology has been built into Internet Explorer since version 4. 

The second fix plugs a security hole in several versions of Outlook and Exchange Server, which again could allow an attacker to take control of a system.

The vulnerability concerns the way that the messaging applications decode the Transport Neutral Encapsulation Format Mime attachment, Microsoft said in a security advisory. 

An attacker could exploit the flaw by crafting a special email attachment spread via a spammed message. The user still has to preview or open the message to become infected.

Security experts at eEye Digital Security discovered the Windows flaw. The Exchange and Outlook hole was found by Next Generation Security Software.

The patches are Microsoft's second security release for this month, after the vendor was forced to rush out a patch for a widely exploited security flaw in the WMF graphics format last week.

Microsoft typically issues its security updates on the second Tuesday of the month, a cycle that has become known as 'patch Tuesday'.

Do you agree?

Add your comment
 

Add your comment

We won't publish your address
By submitting a comment you agree to abide by our Terms & Conditions. Your comment will be moderated before publication.
Submit your comment

Latest stories from Security

IBM logo

IBM integrates threat data with security analytics dashboard

Related white papers

Related articles

Related jobs

Today's top stories

Microsoft Windows 8 start screen

Microsoft turns SkyDrive into cloud computing storage tool for Windows 8

PlayBook BlackBerry 2.0 update from Research in Motion

Research in Motion confirms BlackBerry PlayBook 2.0 software update available

Fujitsu Primergy TX120 S3 review - tower

Fujitsu Primergy TX120 S3 review

Poll

IT priorities for 2012

What is the most important IT priority for your company this year?

97%

1%

1%

0%

1%

Features

V3 reporter Dan Worth

World-changing CERN experiments highlight humanity’s intrinsic curiosity

V3 and The INQUIRER editor Madeline Bennett

BBC and Sky News show tough love with Twitter policies

V3's Rosalie Marshall

World indulges in a Facebook facts fest as firm prepares to float

facebook-new

Top five most interesting figures from Facebook’s IPO

More features

Connect with V3.co.uk

Sign up to our daily or weekly newsletters

Case studies and reports

Accurev

Top 5 software development challenges

This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes

Talend

Rubbish in, rubbish enterprise

Why good data management at all levels is essential in the modern business (video, 6mins)

Technology jobs

FX Technical Implementation Consultant FX FOREX Trading London

FX Technical Implementation Consultant (Business Analyst...

IT Support Analyst - Leyland, Lancashire

IT Support Analyst required by Leyland, Lancashire Software...

Web Developer ( PHP5, OO, MySQL ) - Shrewsbury

A talented PHP / Web Developer is required for a web...

Software Developer ( .NET, C#, VB6, SQL ) Cheshire

Software Developer ( .NET, C#, VB6, SQL) needed. This...

To send to more than one email address, simply separate each address with a comma.