Microsoft plugs critical hole in Windows

Microsoft today fixed a critical hole in Windows and two less serious holes in Office in one of the lightest Patch Tuesdays in recent history.
The critical bulletin, MS11-035, fixes a vulnerability in the Windows Internet Name Service (WINS) that "could allow remote code execution if a user received specially crafted malware on an affected system running the WINS service," according to the bulletin advisory. It affects Windows Server 2003 and 2008.
WINS is not installed on the affected operating system software by default, so only customers who manually install it are affected and will be offered the update, Microsoft said.
"Microsoft is downplaying the bug, but there is potential here for remote code execution," and thus total control of the computer, said Andrew Storms, director of security operations at nCircle. "WINS is a network-aware application that does not require authentication, and many enterprises require WINS on their networks. Taken together, these factors mean that a lot of enterprises will find their internal network servers vulnerable to a remote code bug. Initially, most attackers will probably only trigger a DoS (denial-of-service) event, but finding the remote code exploit won't be far behind."
The second bulletin, MS11-036, fixes two vulnerabilities in Microsoft PowerPoint that could allow remote code execution if a user opens a malicious PowerPoint file. The vulnerabilities affect Office XP, Office 2003, Office 2007, Office 2004 for Mac, and Office 2008 for Mac.
Microsoft also changed its Exploitability Index, the guide it uses to provide customers information on how likely a vulnerability is of being exploited. The company will be publishing two ratings per vulnerability, one for the most recent platform and a second as an aggregate rating for all older versions of the software.
Patch Tuesday has been fairly hectic recently, including last month when 17 bulletins were released to fix 64 vulnerabilities.


Voice Of GREYHAT is a non-profit Organization propagating news specifically related with Cyber security threats, Hacking threads and issues from all over the spectrum. The news provided by us on this site is gathered from various Re-Sources. if any person have some FAQ's in their mind they can Contact Us. Also you can read our Privacy Policy for more info. Thank You ! -Team VOGH
If you enjoyed VOGH News, Articles Then Do Make sure you to Subscribe Our RSS feed. Stay Tuned with VOGH and get Updated about Cyber Security News, Hacking Threads and Lots More. All our Articles and Updates will directly be sent to Your Inbox. Thank You! -Team VOGH

Categories: ,


Post a Comment

Related Posts Plugin for WordPress, Blogger...