Critical Fixes from Microsoft

By Jimmy Daniels
Contributing Writer, RealTechNews

Just to make sure everyone knows and updates, Microsoft released some patches, including one that addresses part of the Sony rootkit problem Michael had been covering in previous weeks, making it impossible to run older versions of an ActiveX control that was released by the record label.

The software maker released the patch in security bulletin MS05-054, as part of its monthly patching cycle. The update also plugs three other security holes in Internet Explorer, the Web browser component of Windows. One of the other flaws is also deemed critical, but Microsoft said it is not aware of any malicious code that takes advantage of it.

“An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system,” Microsoft warned in its security bulletin, referring to the two critical IE flaws. The vulnerabilities exist in all currently supported versions of the browser on all editions of Windows.

One serious flaw lies in the way IE handles certain document object model methods, a problem originally reported in May. Microsoft itself has warned that the hole is actively being exploited to download malicious code to vulnerable systems. Security-monitoring company Secunia deems the problem “extremely critical,” its rarely given highest rating. Source: News.com.

We Say: Several other flaws were also patched, one fixing the way the dialog box is displayed for file downloads, one involving connecting to the net with a specific kind of proxy server and another for Windows 2000. If you’re not using automatic updates, you should be. Visit the Security Bulletin Search for more details and to download patches, or visit here and turn on automatic updates.