Microsoft Plugs Three Windows Security Holes – Krebs on Security

por

Microsoft Plugs Three Windows Security Holes – Krebs on SecurityMicrosoft today released security updates to fix at least three vulnerabilities in its Windows operating systems, including one labeled “critical,” the company’s most serious rating. However, none of the patches address five zero-day flaws that can be used to attack Windows users.

The critical update targets two weaknesses present in all versions of Windows that Microsoft said hackers could exploit to break into unpatched systems just by getting users to visit a compromised or malicious Web site. A second update fixes a security issue in the Windows backup tool that affects Windows Vista machines.

The vulnerability in the Windows backup tool stems from a weakness that extends to hundreds of third-party, non-Microsoft applications built to run on Windows. I discussed this issue at length in a blog post in September, but the upshot is that Microsoft has made available a FixIt tool to help fortify a number of these applications against a broad swath of security threats that stem from a mix of insecure default behaviors in Windows and poorly-written third party apps. If you haven’t already done so, take a moment to read at least the short version of that post, and apply the supplied FixIt tool from Microsoft.

Microsoft chose not to address a number of outstanding, known vulnerabilities for which exploit code is publicly available. Redmond’s Jonathan Ness explains the company’s thinking in holding off on fixing these flaws in a post to the Microsoft Security Research and Defense blog.

Microsoft has released two separate FixIt tools to help users mitigate the threat from a couple of the more pressing outstanding vulnerabilities. If you use Windows, and especially if you browse the Web with Internet Explorer, you should take a moment to take advantage of these stopgap fixes, available here and here.

The updates are available through Windows Update or via the Automatic Update capability built into all supported Windows versions. As always, if you experience any problems or glitches that appear to be related to applying these updates, please drop a note in the comments section.

Relacionado:

Microsoft parchea la falla Wormable en Windows XP 7 y Microsoft parchea la falla ‘Wormable’ en Windows XP, 7 y Windows 2003 – Krebs on Security Microsoft parchea fallas de Windows y Office – Krebs onMicrosoft parchea fallas de Windows y Office – Krebs on Security Correcciones de seguridad para Microsoft Windows Office – Krebs onCorrecciones de seguridad para Microsoft Windows, Office – Krebs on Security Microsoft lanzara un parche de emergencia para un error critico Microsoft lanzará un parche de emergencia para un error crítico de Windows – Krebs on Security Actualizaciones de seguridad de Microsoft y despedida de Windows XP Actualizaciones de seguridad de Microsoft y despedida de Windows XP Service Pack 2 – Krebs on Security Microsoft Issues WanaCrypt Patch for Windows 8 XP – KrebsMicrosoft Issues WanaCrypt Patch for Windows 8, XP – Krebs on Security

Deja un comentario