Microsoft plugs seven critical security holes

By

Microsoft has released a security update that repairs a total of nine software vulnerabilities, seven of which are rated "critical".

Microsoft plugs seven critical security holes
The patch includes a fix for a flaw in the XML HTTP 4.0 ActiveX Control component of the XML Core Service. Microsoft last issued a security bullet in about the vulnerability and warned that attackers were actively exploiting the flaw.

The update also repairs three critical vulnerabilities in Internet Explorer 6, all of which are rated "critical".

Two of the flaws affect the Direct Animation ActiveX Controls, which attackers could exploit by luring a user to a specially crafted website. Upon infection, the attacker can install spyware or other malware on a system without any user interaction. Microsoft warned that attackers are actively exploiting the flaw.

The third Internet Explorer 6 flaw too could allow for remote code execution if attackers succeed to lure users to a specially crafted website. The vulnerability is caused by a design flaw in the way that the browser interprets HTML code with certain layout combinations. Microsoft said that it isn't aware of any exploits.

The Sans Internet Storm Center rated both the XML Core Services and Internet Explorer updates as the most urgent.

The remaining updates affect the Microsoft Agent, Adobe's Flash player and the Workstation Service. All of those flaws could allow an attacker to take over control of a system, but Microsoft said that it isn't aware of any active exploits.

Users can update their systems through the auto update feature by downloading the patches from the Microsoft website.

The remaining two patches affect Novell's Netware technology and received severity ratings of "moderate" and "low".
Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers

Victoria's Secret pulls down website amid security incident

Victoria's Secret pulls down website amid security incident

China blamed after cyberattack hits Czech Republic

China blamed after cyberattack hits Czech Republic

Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames

Log In

  |  Forgot your password?