Microsoft to fix F1 bug

12 April 2010

Microsoft plans to fix the 'F1' security bug that has been plaguing Internet Explorer users for six weeks in its monthly set of security patches tomorrow.

Microsoft, which will be fixing 25 security vulnerabilities in all, made the announcement through its Advance Notification Service late last week. It will release 11 bulletins addressing vulnerabilities in Windows, Microsoft Office, and Microsoft Exchange.

The F1 bug was announced at the beginning of March. Detailed in Microsoft security advisory 981169, it concerned a vulnerability in VBScript, exposed on supported versions of Windows 2000, XP, and Windows Server 2003 via Internet Explorer. Windows 7, Windows Server 2008, and Windows Vista are immune to the bug, which allows arbitrary code to be remotely executed on an affected system.

Also to be fixed is the security flaw announced in Microsoft security advisory 977544: 'Vulnerability in SMB could allow denial of service'. This vulnerability, published in mid-November last year, allows Microsoft's Server Message Block protocol to be exploited to stop a user's system from responding until manually restarted.

Of the 11 Microsoft patches to be issued tomorrow, five are critical and involve remote code execution, and four require a restart. "Overall, April's Patch Tuesday Bulletin will address at least two critical vulnerabilities for every popular Microsoft platform in use today, so the impact will be widespread regardless of what operating systems companies are currently running," said Don Leatham, senior director of solutions and strategy for security company Lumension. "This means that IT departments will have to address and patch almost every machine in the organization."

When making the advance notification, Microsoft's group manager for response communications, Jerry Bryant, also reminded users that Windows XP Service Pack 2 will no longer be supported after July 13. "Many customers are still on this version, so we encourage upgrading to Service Pack 3 or to Windows 7 as soon as possible," he suggested. Microsoft is also ceasing extended support for Windows 2000 on July 13, and will not provide any security updates for the operating system from that point onward.

This article is featured in:
Application Security • Internet and Network Security
