Google
Web pcflank.com
PC Flank Logo
 Make sure
you're protected
on all sides
 Test Your System
 About PC Flank's tests
 PC Flank Leaktest NEW!
 Quick Test
 Stealth Test
 Browser Test
 Trojans Test
 Advanced Port Scanner
 Exploits Test
 Ask the experts
 Leak Tests Catalog NEW!
 FAQ
 Glossary
 Community
 Forum
 Security Center
 Software Store
 Books Store
 Articles Library
 Software Reviews
 Interviews

 

Tip of the day
Securely store your credit card details.
Security News

Microsoft issues critical patch updates

February 11, 2005

Microsoft Corp. has released 16 major updates to its Windows OS family, ten of them rated "critical" by the software giant. Users of all versions of Windows are strongly advised to apply recent fixes to mitigate the security threats posed by the flaws of its software. Microsoft has also acknowledged the existence of the exploit that takes advantage of the PNG-file handling vulnerability reported by the company in its MS05-009 bulletin.

The bulletin in question addresses two vulnerabilities, one in Windows Media Player, the other in MSN Messenger and Windows Messenger, Microsoft's instant messaging clients. All three applications can be attacked using malformed PNG (Portable Network Graphics) image files.

According to major security firms' analyses, the exploit code—dubbed Exploit-PNGfile by McAfee—can instruct the infected machine to run any payload the hacker bundles with it. Possible payloads could include such typical malware as Trojans, backdoor components, or worms to wrench control from the real user, or even spyware such as key loggers to steal information and identities. More than one example of code to exploit the hole was available on the Internet Wednesday, along with directions on how to use it to attack vulnerable Messenger applications. The code can cause Messenger to crash, or allow a remote attacker to run code on vulnerable Windows machines.

The faults in a way Messenger and Media Player process PNG files were initially discovered by the Core Security Technologies in August 2004 and immediately reported to Microsoft. It took the company more than five months to develop a patch, spurring criticism on its ability to promptly respond with a fix to potentially critical bugs contained in its products. It remains unknown home many PCs have been compromised or the magnitude of damage incurred.

Now that the exploit code is out, the need to patch vulnerable PCs has greatly amplified. People can download and install latest security updates to Microsoft products by enabling Windows' Automatic Updates or going to windowsupdate.microsoft.com with their browsers.

  Discuss this article on the Forum

 
 
Start Page
Make "PC Flank" your   
Start Page!   
Make

 
In the Spotlight
» One man's job

» Outpost Firewall Pro Review

   
 

 
Sponsored links


   
 
Related Links
» Bagle incarnations
gonna run out of
the alphabet letters

» MyDoom,
Bagle and Netsky
fight for
Internet control

   
 

 
   
Outpost Firewall PRO 3.0 - complete protection on the Internet!

Secure Internet surfing with Oupost personal firewall with antispyware and free firewall available for download at www.agnitum.com. 		 
Privacy Policy
    Advertiser Info		 Site Map
    Contact Us

 
 
© 2006 PC Flank Ltd. All rights reserved.