Microsoft recently issued two bulletins that fixed three holes in Windows. One of these holes was rated ‘critical’ on Windows XP, Vista and the latest Windows 7 operating systems. The fixes were delivered in the patch released with the bulletins.
The importance of this patch is evident from the exposure the critical hole created. Along with the operating system, Microsoft Data Access Components were also at risk without the patch, since the holes could allow attackers to take over a user’s computer if he or she simply viewed a malicious web page.
In addition to resolving this important flaw, Microsoft also fixed another hole that, if left unpatched, could lead to remote code execution if a user opened a legitimate Windows Backup Manager file located in the same network directory as a malicious library file. For the attack to succeed, the user would have to visit a suspicious Web-based Distributed Authoring and Versioning (WebDAV) share or remote file system location.
Microsoft also revised its earlier Security Advisory 2488013, which relates to Cascading Style Sheets (CSS). The revision provides an additional workaround for a reported vulnerability in Internet Explorer and is meant to counter the targeted attacks that were reported.
One of the most important holes in Internet Explorer, the “css.css” flaw, affected all versions of the Microsoft program and was rated as a critical vulnerability. However, in spite of the fixes provided for gaping holes in the Windows lineup, security analysts are still waiting for patches for the zero-day holes that persist. The five basic vulnerabilities that Microsoft has not yet patched remain on everyone’s mind, and all eyes are on the software conglomerate to provide fixes for these pending issues soon.
Among the most jarring holes yet to be patched by Microsoft is a bug in Internet Explorer. This bug was disclosed by Michal Zalewski, a security researcher for Google, who stated that an exploit for it is already available on the Internet. He also released a tool for finding holes in Internet Explorer and other leading browser software. Microsoft has still not come up with a patch for this bug and is in the process of assessing it at present.
Microsoft has been on a roll in trying to patch the many vulnerabilities in its Windows lineup. In the last year, Microsoft released a patch for 25 vulnerabilities in its Windows operating system as well as Exchange and Office, nine of which were tagged as critical.