Microsoft to fix F1 bug

12 April 2010

Microsoft plans to fix the 'F1' security bug that has been plaguing Internet Explorer users for six weeks in its monthly set of security patches tomorrow.

Microsoft, which will be fixing 25 security vulnerabilities in all, made the announcement through its Advance Notification Service late last week. It will release 11 bulletins addressing vulnerabilities in Windows, Microsoft Office, and Microsoft Exchange.

The F1 bug was announced at the beginning of March. Detailed in Microsoft security advisory 981169, it concerns a vulnerability in VBScript that is exposed via Internet Explorer on supported versions of Windows 2000, XP, and Windows Server 2003. Windows 7, Windows Server 2008, and Windows Vista are immune to the bug, which allows arbitrary code to be remotely executed on an affected system.

Also to be fixed is the security flaw announced in Microsoft security advisory 977544: 'Vulnerability in SMB could allow denial of service'. This vulnerability, published in mid-November last year, allows Microsoft's Server Message Block protocol to be exploited to stop a user's system from responding until manually restarted.

Of the 11 Microsoft patches to be issued tomorrow, five are critical and involve remote code execution, and four require a restart. "Overall, April's Patch Tuesday Bulletin will address at least two critical vulnerabilities for every popular Microsoft platform in use today, so the impact will be widespread regardless of what operating systems companies are currently running," said Don Leatham, senior director of solutions and strategy for security company Lumension. "This means that IT departments will have to address and patch almost every machine in the organization."

When making the advance notification, Microsoft's group manager for response communications, Jerry Bryant, also reminded users that Windows XP Service Pack 2 will no longer be supported after July 13. "Many customers are still on this version, so we encourage upgrading to Service Pack 3 or to Windows 7 as soon as possible," he suggested. Microsoft is also ceasing extended support for Windows 2000 on July 13, and will not provide any security updates for the operating system from that point onward.
