ITPRO

Printed from www.itpro.co.uk

Register to receive our regular email newsletter at http://www.itpro.co.uk/reg/register.

The newsletter contains links to our latest IT news, product reviews, features and how-to guides, plus special offers and competitions.

Skip to navigation

    Microsoft to issue six patches this Tuesday<br/>

Windows and Microsoft XML Core Services get patched up in Microsoft's November security bulletins next Tuesday.

By Matt Whipp, 10 Nov 2006 at 12:37

gallery

Microsoft has said it will issue six security bulletins in its November security update affecting Microsoft XML Core Services and Windows.

The one affecting the XML Core Services and at least one of the five affecting Windows are rated as Critical - Microsoft's most severe security rating.

Sysadmins will be hoping the fixes shore up systems currently at risk from a series of unpatched security holes that attackers are already trying to breach.

The update for XML Core Services might be the fix for Windows' XMLHTTP 4.0 ActiveX Control current mishandling certain requests that can lead to an attacker being at liberty to run code remotely on a target machine. According to Secunia, attack code is already in the public domain.

Security experts at Finjan have also warned of further as yet unpatched security issues which are being exploited by attackers.

It says an error in an ActiveX control in Visual Studio 2005 on Windows can lead to remote code execution, rating it as 'extremely critical'. Additionally, a memory corruption vulnerability exists in Microsoft's daxctle.ocx ActiveX, which is also described as 'extremely critical'.

A less severe problem exists in the ADODB.Connection ActiveX control, which an attacker can use in a DOS attack. Finjan says that exploit code for all of these flaws is already available and that attacks are becoming increasingly frequent.

Email to a friend

Print this page

< Previous   Security : News Next >

Office 365: A complete Guide

Be the first to comment on this article

You need to Login or Register to comment.

    You may also like...

 Sponsored Links

advertisement

    You may also like...

    Latest Security Analysis & Insight

passwords

What is your password worth?

Would you be tempted to sell off company passwords for a fee? If not, seems like you're in the minority, acccording to research.

Read more

 

More Security Analysis & Insight

    Latest Security Reviews

Check Point 2210 Appliance

Check Point 2210 Appliance review

Rating: 4

Check Point's new 2200 Appliances combined enterprise level network security with an SMB price tag. Its software blades provide a wealth of features, but do they complicate deployment? Read this exclusive review to find out.

Read more

 

More Security Reviews

advertisement

    Most popular

    Latest News Videos in Security

Data protection

IT PRO Podcast: Are UK data protection laws flawed?

Play IT PRO Podcast: Are UK data protection laws flawed?   Play

We bring in two experts to talk about the problems with UK data protection law and the way it is managed.

 

    Register for IT PRO

You'll get exclusive member benefits including free whitepapers, downloads, Webinars and weekly newsletters full of the latest IT PRO news, reviews, insight and expertise.

Register
Sponsored Links
Advertisement