09 Nov 2011
Microsoft has issued four bulletins in its latest monthly update, including a fix for a critical vulnerability in the Windows TCP/IP system.
The November Patch Tuesday release addresses four privately reported flaws, including one rated 'critical,' two rated 'important' and one rated 'moderate'.
The 'critical' flaw lies in the Windows TCP/IP component and affects Windows 7, Server 2008 and Vista. Microsoft said that an attacker could use a specially crafted UDP data packet to trigger a crash and remotely execute code on a targeted system.
Microsoft has fixed the flaw by altering the way Windows handles UDP packets. End users and administrators are advised to make the bulletin a top priority for testing and deployment this month.
The two 'important' bulletins address flaws in Windows Active Directory and Windows Mail. The Active Directory flaw could allow an attacker to obtain elevated access privileges on systems running Windows XP, Vista, Windows 7, Server 2003 and Server 2008.
Windows Mail and Meeting users could be left vulnerable to remote code execution attacks from a specially crafted .dll file. Microsoft noted that the flaw is considered 'important' only for Windows Vista, and is classified as 'moderate' for Server 2008 and 'low' for Windows 7.
The fourth bulletin fixes a denial-of-service error in which an attacker could use a specially crafted TrueType font file to cause a crash on Windows 7 and Server 2008 systems. The vulnerability is considered a 'moderate' security risk.
However, Microsoft has not provided a permanent patch for a recently uncovered flaw in the Windows kernel which has been exploited by the Duqu malware. Microsoft issued a temporary fix for the flaw last week.
Jim Walter, manager of the McAfee Labs Threat Intelligence Service, advised administrators to keep the temporary patch in place as a precaution.
"IT administrators should ensure that they implement today's patches and take note of the workaround in order to prevent the Duqu Trojan from doing more damage," he said.