Microsoft plugs seven critical security holes

By

Microsoft has released a security update that repairs a total of nine software vulnerabilities, seven of which are rated "critical".

Microsoft plugs seven critical security holes
The patch includes a fix for a flaw in the XML HTTP 4.0 ActiveX Control component of the XML Core Service. Microsoft last issued a security bullet in about the vulnerability and warned that attackers were actively exploiting the flaw.

The update also repairs three critical vulnerabilities in Internet Explorer 6, all of which are rated "critical".

Two of the flaws affect the Direct Animation ActiveX Controls, which attackers could exploit by luring a user to a specially crafted website. Upon infection, the attacker can install spyware or other malware on a system without any user interaction. Microsoft warned that attackers are actively exploiting the flaw.

The third Internet Explorer 6 flaw too could allow for remote code execution if attackers succeed to lure users to a specially crafted website. The vulnerability is caused by a design flaw in the way that the browser interprets HTML code with certain layout combinations. Microsoft said that it isn't aware of any exploits.

The Sans Internet Storm Center rated both the XML Core Services and Internet Explorer updates as the most urgent.

The remaining updates affect the Microsoft Agent, Adobe's Flash player and the Workstation Service. All of those flaws could allow an attacker to take over control of a system, but Microsoft said that it isn't aware of any active exploits.

Users can update their systems through the auto update feature by downloading the patches from the Microsoft website.

The remaining two patches affect Novell's Netware technology and received severity ratings of "moderate" and "low".
Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:
criticalholesmicrosoftplugssecurityseven

Sponsored Whitepapers

See everything. Do more.
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Diamond IT Delivers GRC Transformation with Microsoft Purview
Diamond IT Delivers GRC Transformation with Microsoft Purview
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy

Events

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers
Victoria's Secret pulls down website amid security incident

Victoria's Secret pulls down website amid security incident
China blamed after cyberattack hits Czech Republic

China blamed after cyberattack hits Czech Republic
Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?