Critical Windows Updates available

An Ad

Integrate business news on your website free of charge and offer your visitors up-to-date content! Click here for more information.

On time for yesterday's January Patchday Microsoft published a total of three critical security updates.

Two of the patches relate to the operating systems Windows 2000, Windows XP, and Windows Server 2003. The third update relates to Outlook as well as Office 2000-2003 and Microsoft Exchange.

The Security Bulletin MS06-001, which has already been pre-released last Thursday, is also included. It patches security holes in connection with the processing of WMF files. According to German IT-publisher heise.de, the WMF technology is an outdated file format, which may allow the execution of malicious software.

In this connection the German agency for security in information technology (BSI) cautioned against "criminal attacks via the security hole in Windows ... According to the findings of the BSI this security hole in the Microsoft operating system Windows is being used actively for spreading malware." More than 200 different, malicious WMF files were already known and every day new ones appeared, heise.de writes. However, the provided patch does not seem to solve these problems completely, because further WMF flaws have been found since the pre-release.

At the moment no updates are provided for older versions of the Windows operating systems (Win98, Windows ME). The BSI points out that the vulnerable software component also existed in the above mentioned versions of the operating system.

A further patch is provided to fix an error in the processing of webpages, which can be abused to upload and execute malware using webfonds embedded in webpages. According to Microsoft, intruders can gain complete control over the system by embedding manipulated webfonds in webpages or emails. heise.de reports that this flaw has already been reported in July 2005 but was not fixed until yesterday.

Microsoft itself rates all three January patches as critical thus substantiating the potential thread to unpatched systems. It is, therefore, advised to upload these latest security updates as soon as possible.

Sources: BSI, heise.de

Sicherheitsupdates manuell laden: Microsoft Bulletin Januar 2006