Microsoft to roll out 'critical' patches for Windows and IE

Ed Scannell

Microsoft has released 13 bulletins to address 22 security flaws across several of its core products, including two that are rated "critical" threats to its servers and browsers.

The first critical bulletin is a patch for Windows Server 2008 and Windows Server 2008 R2 operating systems that resolves two vulnerabilities. The more serious of the two allows for remote code execution if an attacker registers a domain, creates a Name Authority Pointer (NAPTR) Domain Name System resource record and then sends a query to the target DNS server. Those servers that do not have the DNS role enabled are not at risk, according to Microsoft.

The second critical bulletin is directed at Internet Explorer Versions 6 and 9 operating on Windows 7, Windows XP and Vista. The patch addresses a vulnerability that could allow remote code execution so attackers could take control of targeted servers.

The other 11 bulletins, nine of which were rated "important," address a number of remote code-execution vulnerabilities as well as flaws enabling elevation of administrative privileges, denial-of-service attacks and unauthorized information disclosure.

One of those bulletins is a security update to address vulnerabilities in all editions of Windows Server 2003 and Windows XP. The vulnerabilities allow the elevation of privilege once a hacker successfully logs on to a system and runs an application specifically designed to take complete control of that system.

In addition, Microsoft released patches for its .Net framework and Visual Studio 2005 development toolset, along with another for its Visio diagramming application.

The patch for .Net is a security update to address a vulnerability in SP.Net Chart controls. The vulnerability could allow information disclosure if a hacker sent a Get request to an affected server hosting the Chart controls.

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: