By Tim Wilson
July 13, 2010

Microsoft today patched four security vulnerabilities in the Windows
environment -- three of them considered critical -- and experts say one
of the flaws is already being exploited.

Researchers have already reported the vulnerability in the Windows Help
and Support Center feature that comes with Windows XP and Windows Server
2003. Experts say at least three exploits of this flaw have already been
spotted in the wild.

"This vulnerability could allow remote code execution if a user views a
specially crafted Web page using a Web browser or clicks a specially
crafted link in an e-mail message," Microsoft says. "The vulnerability
cannot be exploited automatically through e-mail. For an attack to be
successful, a user must click a link listed within an e-mail message."

Microsoft also issued a patch for another previously disclosed
vulnerability, this one in the Canonical Display Driver (cdd.dll).
"Although it is possible that the vulnerability could allow code
execution, successful code execution is unlikely due to memory
randomization," Microsoft says. "In most scenarios, it is much more
likely that an attacker who successfully exploited this vulnerability
could cause the affected system to stop responding and automatically