recent posts

Social Networking Accounts Prized By Cybercrooks
RedBox Warns of Credit Card Skimmers
Opera Updates and a Black Tuesday Preview
Beware Targeted Data-Stealing Tax Scam
Consumers Report $239 Million Lost To Cyber Fraud In '07

Stories by Category

Stories By Date

related links

The Archives
Security Fix Live: Web Chats
About This Blog
Password Primer
7 Security Tips
Technology Section

syndicate

About This Blog   |   Archives   |   RSS Feeds RSS Feed   (What's RSS?)

Microsoft Plugs Critical Windows Security Hole

Microsoft today issued two software updates to remedy security vulnerabilities in its Windows operating systems, including one that criminal groups have been targeting lately to break into and steal data from vulnerable machines.

One of the patches fixes a critical flaw found in Windows XP and Windows Server 2003 systems that also have Internet Explorer 7 installed. This vulnerability is not present in Windows Vista. For more than a month now, cyber criminals have been blasting out spam e-mails containing malicious links or Adobe PDF documents that try to install spyware programs when users click the links or open the files.

The PDF attacks first surfaced about a month ago, after Adobe issued a patch to prevent PDFs from being used to exploit the Windows flaw. Experts said virus writing groups quickly disassembled that patch to pinpoint the weakness, which is caused by the way certain Windows installations validate things like malformed Web links.

The second problem Microsoft addressed today affects Windows Server 2003 and Windows 2000 Server systems, versions of Windows not typically used by the average home user.

Windows users can download the patches from the Microsoft Update Web site or via Automatic Updates.

By Brian Krebs |  November 13, 2007; 2:01 PM ET New Patches
Previous: Apple Patches iPhone Security Hole | Next: Storm Worm Victims Get Stock Spam Pop-Up

Comments

Please email us to report offensive comments.



There was also a new version of the Malicious Software Removal Tool:

http://www.microsoft.com/security/malwareremove/default.mspx

Posted by: PJ | November 13, 2007 2:49 PM

Brian:
In your post of 11/9/07 you provided a link to Macrovision and indicated that MS is working with the company to push out an update thu its regular monthly patch process.
Did today's patch address that problem or should I install the Macrovision patch?

Posted by: Patton | November 13, 2007 2:59 PM

@Patton -- No, I am not aware of a patch from Microsoft for the Macrovision thing.

Posted by: Bk | November 13, 2007 3:47 PM

Regarding Macrovision, from the Microsoft Security Response Center Blog

http://blogs.technet.com/msrc/archive/2007/11/13/november-2007-monthly-release.aspx

"we wanted to make sure you knew that we are working with Macrovision to test the Macrovision update for deployment using Microsoft's security update process. Once the update has gone through the Microsoft security update testing process, completed deployment testing and is ready for release, Microsoft will release it to customers as part of the Microsoft security update process."

Posted by: TJ | November 15, 2007 4:01 PM

The comments to this entry are closed.

 
 

©  The Washington Post Company