« Where SOA Can Boost Security | Main | When CEOs Spam »

Yesterday, Microsoft issued six security bulletins covering 11 vulnerabilities, 7 which are deemed critical and covers flaws in Excel, Windows Active Directory along with the .Net Framework.

Analysts had been sounding off about the flaws in .Net, as it serves a critical role in Window's applications, and has the potential to affect all of them. .Net vulnerabilities can effect pre-coded user interfaces, data access components, database connectivity, cryptography, Web application development, algorithms and network communications modules.

The .Net patch covers three critical vulnerabilities, two of which could allow remote code execution on systems with .Net Framework installed, and one could allow data leaks on servers running ASP.NET. These vulnerabilities could be easily exploited just by visiting a web site, which makes patching them a high priority.

Three of the critical patches focus on Excel, and all three could allow a Trojan horse attack to give remote control over a system. The final critical patch covers a vulnerability in the Windows Active Directory that could enable a system to be taken over. Active directory is an implementation of LDAP directory services and would most likely result in a Denial of Service (DoS) attack.

Microsoft chose not to patch a vulnerability in Internet Information Server 5.0 in this release, saying it is actually a feature, but does strongly urge users to upgrade to a later version of Internet Information Server. The rest of the patches were marked important, and for a full breakdown, click right here.

Posted by pschooff in Microsoft |Digg This|Add to del.icio.us

Trackback Pings

TrackBack URL for this entry:
http://www.ebizq.net/mt/mt-tb.cgi/2115