Microsoft Patches for April 2009 – 5 critical
By Boundary | April 14, 2009
Microsoft plans to ship 8 security bulletins next Tuesday (April 14, 2009) to fix remote code execution and denial of service vulnerabilities affecting Windows, Office and Internet Explorer.
According to the company’s Patch Tuesday advance notice, five of the bulletins will be rated “critical,” meaning they can be exploited by hackers to take complete control of Windows machines.
One of the Internet Explorer vulnerabilities being fixed is the musty old Safari-to-IE carpet bombing blended threat that combined flaws in two browsers into a code execution attack.
The IE flaw was originally discovered and reported by Aviv Raff back in November 2006 (more than two years ago!) but was ignored by Microsoft until the Safari carpet-bombing bug emerged to show how a combo-attack could lead to complete PC takeover.
Microsoft will actually issue two separate bulletins on this issue — one with a patch that changes several calls to LoadLibrary and SearchPath in Internet Explorer to stop the browser from attempting to load libraries directly from the desktop.
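To illustrate why taking the desktop out of the library search matters, here is an added example (not code from this post or from Microsoft's patch): a simplified Python model of a loader that resolves a bare library name by walking a list of directories in order. The directory layout, the file names `present.dll` and `optional.dll`, and the helper names are all constructed for illustration.

```python
import os
import tempfile

def resolve_library(name, search_dirs):
    """Return the first path where `name` exists, walking dirs in order."""
    for directory in search_dirs:
        candidate = os.path.join(directory, name)
        if os.path.isfile(candidate):
            return candidate
    return None

def audit_loads(requested, search_dirs, untrusted_dir):
    """Map each requested name to 'trusted', 'untrusted' or 'not found'."""
    untrusted = os.path.realpath(untrusted_dir)
    report = {}
    for name in requested:
        hit = resolve_library(name, search_dirs)
        if hit is None:
            report[name] = "not found"
        elif os.path.realpath(os.path.dirname(hit)) == untrusted:
            report[name] = "untrusted"
        else:
            report[name] = "trusted"
    return report

def demo():
    """Build a constructed directory layout and compare two search orders."""
    with tempfile.TemporaryDirectory() as root:
        app, system, desktop = (os.path.join(root, d)
                                for d in ("app", "system", "desktop"))
        for d in (app, system, desktop):
            os.mkdir(d)
        # Constructed empty placeholder files: one library exists in the
        # system directory, one exists only as a file dropped on the desktop.
        open(os.path.join(system, "present.dll"), "w").close()
        open(os.path.join(desktop, "present.dll"), "w").close()
        open(os.path.join(desktop, "optional.dll"), "w").close()
        requested = ["present.dll", "optional.dll"]
        # Search list that still reaches the desktop vs. one that does not.
        before = audit_loads(requested, [app, system, desktop], desktop)
        after = audit_loads(requested, [app, system], desktop)
    return before, after

if __name__ == "__main__":
    for label, report in zip(("desktop searched", "desktop excluded"), demo()):
        print(label, report)
```

In this model, a library that is absent from the trusted directories is the one that resolves from the desktop; once the desktop is excluded, the same request fails instead of loading a dropped file.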