Microsoft's Patch Tuesday Brings Two Fixes

Compared with previous Patch Tuesdays, November's version was quite small with Microsoft releasing only two patches for the Windows operating system: one rated critical and the other important.

The critical patch addresses an issue with how the Windows shell handles URIs. A specially crafted URI could allow an attacker to execute arbitrary code due to an error in the way it is validated. Currently the issue has only been identified to be exploitable through Internet Explorer 7. However, the actual flaw itself is in a shell DLL, which can be found in Windows XP and Server 2003.

Security firm Qualys noted that several patches that address a similar issue within other applications shows that this is likely not limited to IE7. The company also identified Mozilla and Adobe products as being potentially vulnerable. The second patch repairs an 'important' flaw in how Windows handles DNS. A spoofing vulnerability exists where a specially crafted response to a DNS request could redirect legitimate traffic to sites with less than legit purposes, Microsoft said in an advisory.

View: Full Article @ Betanews

Report a problem with article
Previous Story

Gates responds to questions about his stock sales

Next Story

Microsoft to hike spending on Embedded

5 Comments

Commenting is disabled on this article.

YES! one of the vista fixes is supposed to sort out usb and sleep/hibernation behaviour finally woo