Network Security News

Microsoft 'Patch Tuesday' brings five critical security fixes

Tuesday, September 8, 2009

Microsoft will issue security patches for five critical software flaws affecting Windows for its monthly patch release Tuesday. The company said a vulnerability in Internet Information Services (IIS) is under limited attacks, but it may not have a patch for the web server flaw.

A File Transfer Protocol (FTP) security hole in IIS was disclosed on the web last week and Microsoft said it has seen proof of concept for two hacker attacks actively exploiting the holes. But in its patch announcement, Microsoft said it would only issue the fixes when ready.

"In related news, you will note that the ANS does not specify an update for the Internet Information Services FTP service vulnerability for which we released security advisory 975191 on Tuesday of this week," Microsoft said on its security response center blog.

"As noted in an earlier blog post, we have spun up our SSIRP (Software Security Incident Response Process) process to address this issue and our teams are working hard to produce an update. Please keep an eye on the advisory for more information and if you are not already, please subscribe to our comprehensive alerts to receive updates by email."

The five patches being released Tuesday are scheduled for 10 a.m. Pacific time. All are rated critical and all allow remote code execution on a user's PC.ADNFCR-1765-ID-19350882-ADNFCR

Related News:

Zeus botnet performs MySpace spam campaign to spread itself further - 11.20.2009
A sophisticated Trojan dubbed "Zeus" has sent a flood of email messages to MySpace users in an attempt to propagate itself onto more computers, according to researchers at the University of Alabama at Birmingham.

Experts dissect Chrome OS security features - 11.20.2009
Yesterday's release of Google's groundbreaking new cloud-based operating system, Chrome OS, has caused a stir in techie circles, with experts of all stripes rushing to examine the product and issue their judgments.

Microsoft counts Chrome coup with discovery of security flaw - 11.20.2009
Security researchers at Microsoft recently discovered a security vulnerability in Google's controversial Chrome Frame for Internet Explorer, a browser plug-in that simulates Chrome functionality within an Internet Explorer session.

iPhone user sues games maker, claiming to have found hidden spyware - 11.18.2009
An iPhone gamer filed a federal lawsuit against mobile game programmer Storm8 today, alleging that the company violated his privacy by including hidden code in its games that gathered his personal information without permission.

Government watchdog warns of possible IT leaks at Los Alamos - 11.16.2009
The Government Accountability Office has issued a report on data security at the Los Alamos National Laboratory which says that sensitive and highly classified information is vulnerable to outside access.
View Related Resources
Or
Watch an Online Demo
Or
Have us call you now