In association with heise online

04 September 2009, 09:42

Microsoft schedule five "Remote Code Execution" patches for Patch Tuesday

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Microsoft plans to release five Windows updates on its forthcoming Patch Tuesday on the 8th of September. All of the updates address security issues that, in the worst case, allow remote attackers to inject and execute code which could, for example, allow an attacker to install malware on a user's system. Microsoft has therefore rated all five patches "critical", which is the highest security rating.

It appears that Microsoft plans to leave the hole in the FTP service of its Internet Information Services unpatched for now. Earlier this week, a script became available which allows attackers to gain control of a server with IIS 5, provided the server offers FTP services and the user has write access. Version 6 is also affected by this problem.

Microsoft appears to have also discovered a second security hole in the FTP service of IIS which also affects IIS 7 if FTP Service 6.0 is installed. FTP Service 7.5 does not appear to be vulnerable. This hole can only be exploited to crash the service.

References:

See also:

(djwm)

Print Version | Send by email | Permalink: http://h-online.com/-743257
 


  • July's Community Calendar





The H Open

The H Security

The H Developer

The H Internet Toolkit