In association with heise online

09 September 2009, 08:32

Critical holes in all Windows versions closed

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Microsoft's announcement that it would release five patch packages in September has been fulfilled. All five vulnerabilities allow malicious code to be executed via the internet and all five are rated critical. The individual updates affect the JScript engine, in charge of executing JavaScript code in Internet Explorer, the automatic configuration service for Wireless LAN networks, several vulnerabilities in the Windows Media Format (WMF) libraries, a TCP/IP stack vulnerability, and the ActiveX control for editing Dynamic HTML content.

The WLAN configuration service problem only affects Vista and Server 2008 (except for the Itanium version). Windows XP is not subject to the network stack vulnerability, while Vista and Server 2008 are not affected by the DHTML hole. Each update package closes at least one security hole, for which Microsoft thinks exploits will likely soon be available.

The FTP server vulnerability in Microsoft IIS 5, 6 and 7 and the denial-of-service hole in the network service for Vista and Windows 7, as anticipated, still remain unpatched. Microsoft's current advisories do not detail the extent to which Windows 7 – already in widespread and productive use – is affected by the vulnerabilities. Users should immediately install these patches.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit