In association with heise online


Microsoft Tuesday patches omit known vulnerabilities

Microsoft plans to release two updates this coming Tuesday, one of which it classes as critical, but the updates will not fix confirmed security vulnerabilities in Windows and Internet Explorer. The two updates announced by Microsoft contain a total of three patches. The 'critical' update affects all versions of Windows. The second problem is classed as important and is only relevant to Vista users. Microsoft will not release further details until Tuesday evening.

A posting on the Microsoft Security Response Center blog is frank in admitting that patches for two security vulnerabilities confirmed by Microsoft in recent weeks are not yet ready for release. Internet Explorer contains a critical bug which affects processing of @import tags in cascading style sheets (CSS) that can be exploited to inject and execute code. The Windows Graphics Rendering Engine chokes on specially crafted thumbnails, with similar consequences. Microsoft security experts have confirmed that targeted online attacks making use of the IE vulnerability have now been observed. Demo code for the thumbnail vulnerability is also publicly available, with exploitation likely to follow.

Microsoft is pointing users requiring pre-patch protection to workarounds. The Enhanced Mitigation Experience Toolkit (EMET) for Internet Explorer should protect users from the IE vulnerability. Its use is described in the heise Security article 'Damage limitation'. Users can protect themselves from the thumbnail problem by disabling the display of thumbnails. A 'fix-it' to simplify application and removal of this workaround is available.

(crve)


