
Security Alerts for IE and DirectX 7.0


metadigital

Wednesday 12th October 2005

Nine new updates in Microsoft's latest security bulletin 10:31AM

The latest monthly security bulletin from Microsoft reveals no fewer than nine vulnerability updates in October's patch Tuesday. Of these, three are regarded as critical, although in two of these cases, the patches replace previous versions.

The new spate of security updates follows a quiet September when Microsoft reported no new vulnerabilities. Although it is impossible to predict what might turn up in the future, the replacement cumulative patches and the absence of patches in September suggest that Microsoft may at last be getting on top of the security issue.

In the October bulletin, one of the critical vulnerabilities is in DirectShow, part of DirectX version 7.0 onwards, and affects users who have administrative user rights. An attacker who successfully exploited the vulnerability could take complete control of an affected system.

Microsoft has also revealed that there is a double whammy in the Distributed Transaction Coordinator (MSDTC) and COM+ used in Windows. The vulnerabilities in these services can allow both remote code execution and local elevation of privilege that could allow an attacker to take complete control of the affected system.

For the average user, the most important is a cumulative patch for Internet Explorer. According to the update, the Microsoft DDS Library Shape Control (Msdds.dll) and other COM objects in Internet Explorer could allow an attacker to take complete control of an affected system.

Among the 'Important' category of security updates this month is a problem with client services for NetWare, Microsoft Collaboration Data Objects and the Windows Shell that could allow remote execution of code. There is also a vulnerability with Plug and Play that could allow a local elevation of privileges. However, in this case, an attacker will need to be able to log in to the system legitimately.

Finally, there are two 'moderate' vulnerabilities: one that could allow an attacker to redirect an FTP download, and a problem with the Network Connection Manager that could leave a network open to a denial of service attack.

OBSCVRVM PER OBSCVRIVS ET IGNOTVM PER IGNOTIVS

OPVS ARTIFICEM PROBAT
