Video | Business Headlines | Internet | Science | Scientific Ethics | Technology | Search

 

Microsoft announces 7 New Vulnerabilities


Today, Microsoft announced seven new product vulnerabilities - ranging from Moderate to Critical - along with patch information that impact both enterprise and consumer users. These newly announced vulnerabilities may be exploited remotely, which could allow denial-of-service attacks, and could result in the loss of confidential data. Symantec strongly advises users to apply security patches for these vulnerabilities immediately. Additionally, users and IT administrators should maintain firewalls and keep antivirus definitions up-to-date at all times.

"It is critical that users adhere to strict security best practices," said Vincent Weafer, senior director, Symantec Security Response. "Our security experts will continue to closely monitor for global activities for signs of attacks."

Please see below for detailed summaries of the top four vulnerabilities announced today.

1. Task Scheduler Vulnerability (841873) -- Microsoft Security Bulletin MS04-022 http://www.microsoft.com/technet/security/bulletin/ms04-022.mspx

Overview/Risk: A remote code execution vulnerability exists in the Task Scheduler because of an unchecked buffer. A buffer is a program that resides in memory that accepts data from external sources. Unchecked buffers are programs that do not include commands to check that the data is valid.

If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take control of an affected system.

In a Web-based attack scenario, an attacker would have to host a Web site that contains a Web page that is used to exploit this vulnerability. An attacker would have no way to force users to visit a malicious Web site. Instead, an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker's site. An attack could only occur after a user has performed these actions.

Symantec Security Response has rated this threat at a High risk.

2. HTML Help Vulnerability (840315) - Microsoft Security Bulletin MS04-023 http://www.microsoft.com/technet/security/bulletin/ms04-023.mspx

Overview/Risk: The HTML Help vulnerability occurs because HTML Help does not completely validate input data.

If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take control of an affected system. As with the threat above, in a Web-based attack scenario, an attacker would have to host a Web site that contains a Web page that is used to exploit this vulnerability.

Symantec Security Response rates this threat as a High risk.

3. Windows Shell Vulnerability (839645) - Microsoft Security Bulletin MS04-024 http://www.microsoft.com/technet/security/bulletin/ms04-024.mspx

Overview/Risk: A vulnerability in Windows Shell could allow remote code execution. Windows Shell is an add-on user interface for Windows.

If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges.

However, significant user interaction is required to exploit this vulnerability. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges.

Symantec Security Response has rated this threat at a Medium risk.

4. IIS Redirection Vulnerability (841373) - Microsoft Security Bulletin MS04-021 http://www.microsoft.com/technet/security/bulletin/ms04-021.mspx

Overview/Risk: An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could exploit the vulnerability by creating a specially crafted message and sending the message to an affected system, which could then cause the affected system to execute code.

Symantec Security Response has rated this threat at a Medium risk.

© Scoop Media

 
 
 
Business Headlines | Sci-Tech Headlines

 

Mycoplasma Bovis: More Properties Positive

One of the latest infected properties is in the Hastings district, the other three are within a farming enterprise in Winton. The suspect property is near Ashburton. More>>

ALSO:

Manawatū Gorge Alternative: More Work Needed To Choose Route

“We are currently working closely and in partnership with local councils and other stakeholders to make the right long-term decision. It’s vital we have strong support on the new route as it will represent a very significant long-term investment and it will need to serve the region and the country for decades to come.” More>>

ALSO:

RBNZ: Super Fund Chief To Be New Reserve Bank Governor

Adrian Orr has been appointed as Reserve Bank Governor effective from 27 March 2018, Finance Minister Grant Robertson says. More>>

ALSO:

ScoopPro: Helping PR Professionals Get More Out Of Scoop

Scoop.co.nz has been a fixture of New Zealand’s news and Public Relations infrastructure for over 18 years. However, without the financial assistance of those using Scoop in a professional context in key sectors such as Public Relations and media, Scoop will not be able to continue this service... More>>

Insurance: 2017 Worst Year On Record For Weather-Related Losses

The Insurance Council of New Zealand (ICNZ) announced today that 2017 has been the most expensive year on record for weather-related losses, with a total insured-losses value of more than $242 million. More>>

ALSO: