ERP Software Blog| SAP Blogs| SAP HANA Blogs| Microsoft Dynamics 365 Blogs

Microsoft Releases Fixes and a Workaround for Several Vulnerabilities

By D1 Technologies, LLC

The web is indeed becoming a dangerous place. These days, your PC could become infected with malware or vulnerable to a hacker attack just by innocently browsing a website or opening an email. Last July 14th, Microsoft released six bulletins with fixes for at least nine known security vulnerabilities that put users at risk in a range of Microsoft products. Many of the vulnerabilities, if not patched, can allow “remote code execution” or allow a hacker or malicious software to take over your PC and run unauthorized commands.

ZDNet’s Ryan Naraine has posted a helpful summary of the released fixes:

  • MS09-029: This update covers two privately reported vulnerabilities in the Microsoft Windows component Embedded OpenType (EOT) Font Engine, which could allow remote code execution. Rated “critical” for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.
  • MS09-028: This update fixes three separate vulnerabilities (one publicly disclosed and under attack!) in Microsoft DirectShow, which could allow remote code execution if a user opens a specially-crafted QuickTime media file.
  • MS09-032: This update resolves a privately reported vulnerability in Microsoft Video ActiveX Control. The vulnerability could allow remote code execution if a user uses Internet Explorer to view a specially-crafted Web page that uses the ActiveX control. This vulnerability is currently being exploited in the wild! Rated “critical” for all supported editions of Windows XP and “moderate” for all supported editions of Windows Server 2003.

Some of the vulnerabilities, notably one in Microsoft Office Web Components, do not yet have a patch. An attacker who successfully exploits this vulnerability could potentially gain the same user rights as a local user, allowing the attacker to modify or remove files on the PC remotely. This could potentially happen simply by using Internet Explorer to visit a website. A workaround exists by downloading a free utility from Microsoft called FixIt, which prevents the Microsoft Office Web Components from running in Internet Explorer.

Users, as always, are advised to immediately download the updates and utilities, or use Microsoft’s Windows Update service. If you need help installing the patches or workarounds, or if you feel your PCs are at risk, contact us immediately.

Related articles:

Published with permission from TechAdvisory.org. Source.

Topics: News, security, general news

Recent Posts

How to Create Templates for Pick & Pack in SAP Business One!

Sep 19, 2018 10:27:02 AM

Payment Means Are One Click Away in SAP Business One!

Aug 27, 2018 3:33:26 PM

There Are New Options in User Groups Setup in SAP Business One!

Aug 20, 2018 11:09:30 AM

How to Show Zero Price for Inactive Price Lists in SAP Business One!

Aug 13, 2018 10:41:46 AM

How to Choose the Best ERP Software for Small Business

Aug 7, 2018 6:49:12 AM

Posts by Topic

see all