[ISN] Microsoft To Patch Three Zero Day Vulnerabilities

From: InfoSec News <alerts_at_nospam>
Date: Tue Feb 08 2011 - 09:10:53 GMT
To: isn@infosecnews.org

http://www.informationweek.com/news/windows/security/showArticle.jhtml?articleID=229201249

By Mathew J. Schwartz
InformationWeek
February 7, 2011

Microsoft's February Patch Tuesday will see the release this week of 12
security bulletins, patching a total of 22 vulnerabilities, including
three that could be exploited via zero-day attacks.

According to Wolfgang Kandek, CTO of Qualys, "these vulnerabilities have
seen limited exploits in the wild, so applying the update is highly
recommended."

One of those bugs, a CSS-related vulnerability that affects all versions
of Internet Explorer, was disclosed in late 2010 by a Google researcher.
By early January, security firms reported that attackers were actively
exploiting the bug.

Microsoft will also patch a zero-day vulnerability in the Windows
Graphics Rendering Engine. Attackers could exploit the flaw using
malicious thumbnail images, and execute arbitrary code at the user's
permission level.

[...]

___________________________________________________________
Tegatai Managed Colocation: Four Provider Blended
Tier-1 Bandwidth, Fortinet Universal Threat Management,
Natural Disaster Avoidance, Always-On Power Delivery
Network, Cisco Switches, SAS 70 Type II Datacenter.
Find peace of mind, Defend your Critical Infrastructure.
http://www.tegataiphoenix.com/

This message: [ Message body ]
Next message: InfoSec News: "[ISN] [Dataloss Weekly Summary] Week of Sunday, January 30, 2011"
Previous message: InfoSec News: "[ISN] HBGary Federal Hacked by Anonymous"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]