Microsoft has released eight security bulletins to address a total of 23 vulnerabilities across a number of its products on its October Patch Tuesday. One update for Internet Explorer alone closes eight critical holes. An update for .NET and Silverlight closes another critical vulnerability that only requires victims to visit a specially crafted web page in order to infect their computers with malicious code. Microsoft says that this hole can also be exploited to compromise a server if an attacker has the ability to upload ASP.NET pages to an Internet Information Server (IIS) and execute them there.
The remaining updates are rated as important by Microsoft; they fix vulnerabilities in the Microsoft Active Accessibility and Windows Media Center components, in the Windows kernel, in the Host Integration Server, in the Windows Ancillary Function Driver and in the Forefront Unified Access Gateway (UAG). Although some of these holes also enable attackers to inject and execute code, they require more user interaction than those in Internet Explorer.
Microsoft has also released further patches to fix vulnerabilities that are based on "binary planting", an attack which involves causing Windows to load DLLs from shared network volumes without a user's permission. As with the previous Patch Tuesday, an updated version of the Microsoft Windows Malicious Software Removal Tool (MSRT) was released at the same time.
The remaining updates are rated as important by Microsoft; they fix vulnerabilities in the Microsoft Active Accessibility and Windows Media Center components, in the Windows kernel, in the Host Integration Server, in the Windows Ancillary Function Driver and in the Forefront Unified Access Gateway (UAG). Although some of these holes also enable attackers to inject and execute code, they require more user interaction than those in Internet Explorer.
Microsoft has also released further patches to fix vulnerabilities that are based on "binary planting", an attack which involves causing Windows to load DLLs from shared network volumes without a user's permission. As with the previous Patch Tuesday, an updated version of the Microsoft Windows Malicious Software Removal Tool (MSRT) was released at the same time.
-News Source (The H, Microsoft)
LINK TO OUR HOME PAGE :
Voice Of GREYHAT is a non-profit Organization propagating news specifically related with Cyber security threats, Hacking threads and issues from all over the spectrum. The news provided by us on this site is gathered from various Re-Sources. if any person have some FAQ's in their mind they can Contact Us. Also you can read our Privacy Policy for more info.
Thank You !
-Team VOGH
If you enjoyed VOGH News, Articles Then Do Make sure you to Subscribe Our RSS feed. Stay Tuned with VOGH and get Updated about Cyber Security News, Hacking Threads and Lots More. All our Articles and Updates will directly be sent to Your Inbox. Thank You!
-Team VOGH
Categories:
Microsoft
,
security-news
,
vulnerablity