Microsoft fixes flawed .ani patch

By

Microsoft's April update yields 5 critical updates.

Microsoft fixes flawed .ani patch
The update includes fixes for four critical Windows vulnerabilities, as well as a critical flaw in Microsoft's Content Management Server and a less-severe fifth flaw in Windows.

The updates included a fix for last week's patch that aimed to repair a vulnerability in the way that Windows handles .ani animated cursor files.

Attackers are the flaw to install malware on users' systems. Security vendor Websense said that it has detected more than 2,000 unique websites that are hosting exploit code for the flaw.

Only two of the critical vulnerabilities affect Windows Vista: the .ani patch and a fix for the client-server runtime subsystem (CSRSS), an internal system component that manages console windows and threading. Both vulnerabilities could allow an attacker to remotely execute code.

Windows XP is vulnerable to the same two flaws that affect Windows Vista, as well as two additional bugs that are rated critical in Windows XP's universal plug and play component and the Windows Manager help application.

A fifth patch fixes a vulnerability in Windows 2000, Windows XP, and Windows Server 2003. A vulnerability within the Windows kernel could allow an unauthorised user to gain elevated privileges on a system. That vulnerability was rated as 'important', one level below the other five patches.

The sixth patch in the release addresses a critical flaw in Windows Content Management Server, an application that is used to post and manage large amounts of changing data on a website, such as a news site or blog service.

The update is Microsoft's first scheduled security update since February. The company skipped last month's patch release.
Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers

Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies

Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames

Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound

Log In

  |  Forgot your password?