Microsoft has just patched another critical hole in Windows Vista (which also affects Windows 2000 SP4 and Windows XP). Microsoft was aware of the vulnerability, which involves the way that the OS's Client/Server Run-time Subsystem handles error messages, last Christmas. This flaw may not be as severe as the cursor .ANI flaw, as Microsoft says you'd have to perform certain unspecified "actions" on a malicious Web site before an assault could succeed. Nevertheless, once compromised, an attacker could run any command or program on your PC. Proof-of-concept code is available, but no active attacks on this hole have been reported yet.
In addition, Microsoft has fixed a critical weakness in its Agent technology in Windows 2000 SP4 and Windows XP SP2. The flaw can be exploited through Internet Explorer 6 if you visit a Web page with a special link or banner ad. While the Agent is normally supposed to run little animated helpers, a malicious site need not display one prior to delivering an attack. Vista and Internet Explorer 7 are unaffected by this hole.
Download Security Update:
First |
Second (or use AU)
News source:
PC World Read full story...
More...
Linear Mode
