12 Apr 2006
Microsoft, as part of its monthly patch release for April, has released a security update to address vulnerabilities in Windows and Office.
The software vendor rated updates for Internet Explorer, Windows Explorer and the Microsoft Data Access Components (MDAC) Function as "critical" because they could allow an attacker to execute arbitrary code on a user's system.
The MDAC vulnerability exists as part of Microsoft's ActiveX technology. An attacker could use the security hole through a specially crafted website to take over control of a system without any user interaction, Microsoft said in a security bulletin on its website.
Attackers could likewise exploit the flaw in Windows Explorer by persuading users to visit a specially crafted website. Microsoft warned that the site could force the system to connect to a remote file server, which could then cause Windows Explorer to fail in a way that allows an attacker to execute code.
The Internet Explorer patch addresses a total of ten vulnerabilities with severity ratings ranging from critical to moderate. As expected, the update includes a fix for a previously disclosed vulnerability in the createTextRange call which is actively being exploited. It also repairs two other vulnerabilities that were disclosed earlier this month.
April's patch furthermore delivers a fix for Outlook Express. A vulnerability in the email and personal information client could allow attackers to take over control of a system. Because the bug requires user interaction to be exploited, it received a severity rating of "important".
The fifth patch addresses a vulnerability in FrontPage that could allow for a cross-site scripting attack.
April 11 Patch breaks Windows Explorer with verclsid.exe
A friend asked me to look at his XP (SP2) laptop because it was running slow and Windows Explorer quit working. It opens and then just hangs. I found over 20 copies of verclsid.exe running, eating up memory and CPU. When I killed them all, Windows Explorer started working again. According to MS, verclsid.exe is a new security program included in the April 11th patch. One user reports the offending update appears to be KB 908531.
Posted by: Mark C 14 Apr 2006
April Upgrade
I already applied the fix. It also includes fixes for Outlook Junk mail and Windows Media Player 10
Posted by: Mike 12 Apr 2006