Microsoft Releases Fixes and a Workaround for Several Vulnerabilities

by | Jul 27, 2009 | News

The web is indeed becoming a dangerous place. These days, your PC could become infected with malware or vulnerable to a hacker attack just by innocently browsing a website or opening an email. Last July 14th, Microsoft released six bulletins with fixes for at least nine known security vulnerabilities that put users at risk in a range of Microsoft products. Many of the vulnerabilities, if not patched, can allow “remote code execution” or allow a hacker or malicious software to take over your PC and run unauthorized commands.

ZDNet’s Ryan Naraine has posted a helpful summary of the released fixes:

  • MS09-029: This update covers two privately reported vulnerabilities in the Microsoft Windows component Embedded OpenType (EOT) Font Engine, which could allow remote code execution. Rated “critical” for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.
  • MS09-028: This update fixes three separate vulnerabilities (one publicly disclosed and under attack!) in Microsoft DirectShow, which could allow remote code execution if a user opens a specially-crafted QuickTime media file.
  • MS09-032: This update resolves a privately reported vulnerability in Microsoft Video ActiveX Control. The vulnerability could allow remote code execution if a user uses Internet Explorer to view a specially-crafted Web page that uses the ActiveX control. This vulnerability is currently being exploited in the wild! Rated “critical” for all supported editions of Windows XP and “moderate” for all supported editions of Windows Server 2003.

Some of the vulnerabilities, notably one in Microsoft Office Web Components, do not yet have a patch. An attacker who successfully exploits this vulnerability could potentially gain the same user rights as a local user, allowing the attacker to modify or remove files on the PC remotely. This could potentially happen simply by using Internet Explorer to visit a website. A workaround exists by downloading a free utility from Microsoft called FixIt, which prevents the Microsoft Office Web Components from running in Internet Explorer.

Users, as always, are advised to immediately download the updates and utilities, or use Microsoft’s Windows Update service. If you need help installing the patches or workarounds, or if you feel your PCs are at risk, contact us immediately.

 

Published with permission from TechAdvisory.org.

Related Posts

Happy Thanksgiving from Enstep Technology Solutions!

Happy Thanksgiving from Enstep Technology Solutions!

Whether you’re new to Enstep or you’ve been with us for a while, we want to wish you a happy Thanksgiving! It’s time to take time off work, enjoy a great meal, and spend time with your family. What are you thankful for this year? Here’s what the team at Enstep is...

What is the Future of IT Infrastructure?

What is the Future of IT Infrastructure?

As information technology continues to evolve and industries rush to keep up, individuals and businesses can’t always keep track of all the latest trends. Failing to develop new business strategies to adapt with the times can indicate trouble or perhaps even the final...

Planning for Migration from Windows 7 in 2020

Planning for Migration from Windows 7 in 2020

Windows 7, released in 2009 and appreciated by many PC users, will no longer receive general home support from Microsoft after January 14, 2020. In a nutshell, this means no more direct customer help (unless you pay through the nose for it), no more security updates,...

FIND OUT WHAT YOUR BUSINESS SHOULD EXPECT TO PAY
FOR HOUSTON TECH SUPPORT

Give us a call and discover how great local IT services and computer support can be!