• Promo: B.Sc. Info Systems, Trinity

    IT workers face the challenge of developing their communications, business and management skills.
    » more

  • Blog: IE8 & the prvacy dilemma

    Will the new protections planned for IE8 just make us even more complacent?
    » more

  • Web Pick: UBIK.com

    With just a few clicks, UBIK brings mobile site design to the masses.
    » more

SECURITY

Microsoft patches six critical flaws

14-02-2007

by Ciara O'Brien

In its monthly security bulletin on Tuesday Microsoft released patches for 20 vulnerabilities.

The flaws spanned Microsoft's range of software, including a component of its recently released operating system Vista. Six of the vulnerabilities were classed as critical; if exploited, these could allow malicious users to seize control of computers -- a warning that should be familiar to Windows users by now.

The critical flaws were found in Windows, Office, Works, Internet Explorer and the company's Malware Protection Engine software.

Vista, which is touted as being more secure than its predecessors, was affected by one of the more severe vulnerabilities through the Malware Protection Engine, which is used by Windows Live One Care, Forefront Security, Antigen and Windows Defender. Windows Defender ships as part of the Vista operating system. The flaw, which was privately reported, was discovered in the way that the software processes PDF files.

"An attacker who successfully exploited this vulnerability could take complete control of an affected system," Microsoft's security bulletin said. "An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights."

The Patch Tuesday bulletin also included a critical update for Microsoft Word, which fixed exploits targeting Word that malware writers have been attacking in recent weeks. Excel and PowerPoint flaws were also patched.

A further six, less serious security holes were discovered and patched in Windows Shell, ActiveX control, Windows Image Acquisition Service and RichEdit, among others. These were rated as "important" -- less serious than the critical flaws.

Meanwhile, it seems virus writers are taking advantage of the week's romantic spirit to spread their malware, with nasties lurking under the guise of mushy messages.

The usual viruses were doing the rounds hidden in messages with subject lines such as "Together You and I" and "Everyone Needs Someone", and usually have an executable attachment. However, instead of romantic greetings, the e-mail attachments contain malware known as the Nurech.A worm.

"This weekend we have seen a lot of activity from a new worm. It is called Nurech.A. In the last 48 hours it got more than 60 percent of all the messages received in PandaLabs. At some points it was massively spammed," said security firm PandaLabs in its blog.

The virus shuts down security processes including antivirus software and firewalls, leaving machines wide open to infection.

The usual advice is being offered -- keep all security software up to date and operational, and don't open suspicious e-mail from senders you don't recognise.

Click here to make ENN your home page
Sign Up for FREE ENN Newsletters

VIDEO REVIEW

Dell not dull; sees red
Dell adds a splash of colour to its latest laptop range, but is this enough, or do consumers want an edgier look? » Read more

ENN CORPORATE

Complete copywriting services
Do you need skilled writers to put together compelling prose for your company? Why not check out the new-look corporate services site from ENN and see how we can put our skills to your use. » Read more

  • Hosted by TeleCity

SUBSCRIBE

Not a member yet?
Sign up free, click here
To change your ENN Newsletter and alerts preferences here

WHO'S WHO IN PR

Full listing of Irish PR firms, including high-tech specialists. » Click here