Microsoft plugs critical DirectShow, Video ActiveX holes
Microsoft on Tuesday issued patches to fix critical vulnerabilities in DirectShow and Video ActiveX that have been targeted in attacks, as well as fixes for holes in Embedded OpenType Font Engine and Microsoft Publisher that could allow someone to remotely take control of the PC.
Overall, the six "Patch Tuesday" updates fix nine vulnerabilities in Windows, Microsoft Office, Internet Security and Acceleration Server, Virtual PC, and Virtual Server.
The three DirectShow vulnerabilities could allow an attacker to remotely run code on the machine if a user opened a specially crafted QuickTime file. Microsoft warned of exploits against one of the holes in May.
The fix for the ActiveX control addresses a vulnerability that could allow remote code execution if someone viewed a malicious Web page via Internet Explorer using the ActiveX control. Microsoft offered a workaround for the hole last week.
Affected software for the critical updates is Windows 2000, Windows XP, Windows Vista, and Windows Server 2003 and 2008. The versions of Direct X affected are DirectX 7.0, 8.1, and 9.0.
The noncritical updates, rated "important," affect 2007 Microsoft Office System Service Pack 1, Microsoft Internet Security and Acceleration Server 2006, Microsoft Virtual PC 2004 and 2007, and Microsoft Virtual Server 2005 R2.
In addition, Microsoft updated its Malicious Software Removal Tool (downloadable here) to remove the Win32/FakeSpypro rogue security program designed to trick people into paying for alleged security software they don't need.
Meanwhile, a comprehensive update for the Office Web Components vulnerability affecting Excel, which the company said on Monday was being exploited in attacks, was not yet ready for broad distribution, according to Microsoft. The company is urging customers to apply the automatic "Fix It" workaround, provided in Knowledge Base Article 973472.
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press. E-mail Elinor. 
Amen
I'm surprised... you posted something without shouting "Die, Microsoft. Die!" Are you losing your touch? :)
Now only if we could get him to stop posting altogether.
I cant wait for next Tuesday. With so many patches to come, M$ should rename Windows to "Patch-hole OS" - SP10 in stores near you this fall for $220, Ultimate version only.
LOL
That's XP machines, not Vista machines. And since Vista replaced XP in 2006, I'm afraid this comment of yours is three years out of date. Mac OS X Leopard is the most vulnerable operating system currently on the market. The reason you don't have a pandemic is because Windows machines are abundant, running on 9 in 10 machines worldwide; hackers haven't had the need to attack anything else. And because Vista has been poorly received, and used mostly on new systems rather than as an upgrade, XP continues to present an abundance of resources.
That said, Apple started gaining significant market share prior to the recession and the "laptop hunter" commercials, and consequently caught criminals' attention. Slowly but surely, they're familiarizing themselves with the platform's architecture. We've been seeing a lot of blogs about Mac malware on CNET lately. Last I heard, iBotnet was over 20,000 machines strong, and this is just a Trojan horse we're talking about! When Mac-targeted drive-by downloads start flooding the Web, it's not going to be pretty.
http://www.linuxtoday.com/news_story.php3?ltsn=2009-04-17-030-35-SC-SW
* web browsers do not always provide accurate information to web servers.
* the sites reporting may be specific to a particular operating system.
* many computers are blocked from browsing to some classes of sites by firewalls or filters.
* some computers are not connected to the Internet.
* some computers run more than one operating system simultaneously (virtualization) or at different times (multiple booting).
* the methodology (lists of sites, determination of operating system, counting sessions, unique visitors, page hits, or site hits) may be unrepresentative of the universe of computers.
* one computer may be counted multiple times, others not counted.
* clients using one OS may be running a session on another computer using a different OS.
* search engines significantly contribute to web traffic, they may report arbitrary user agent strings
* Web browsing is not equally important for different classes of users. E.g. a schoolboy with plenty of free time may visit a 100 googled different web pages in a particular day, and on the same day a busy manager may visit only 2 different web pages. Thus market share of systems preferred by young technology enthusiasts is probably greatly overestimated in web browsing based surveys, but it is impossible to say to which degree.
http://en.wikipedia.org/wiki/Usage_share_of_desktop_operating_systems
you and mokeyfun.. something have long been identified as Micro$oft shills. No problem! The world can deal with cash for comment.
Every time you are posting we can hear the cling of coins, from Micro$oft money going into your accounts.
Enjoy your financial gain ...
[CNET editor's note: Offensive language deleted.]
How much does Apple pay you tools?
I also worry about undisclosed bugs in Apple's QuickTime, Adobe Flash and Reader, as well as Sun's JRE.
The Internet is so much fun!
...on which platforms? ;)
>>>>Whichever ones are targeted.
- by shellcodes_coder July 15, 2009 6:58 AM PDT
- CrApple patch more security holes than Microsoft does.
- Like this Reply to this comment
-
-
- by jpap93 July 16, 2009 2:17 AM PDT
- Actually, they have more vulnerabilities, but patch less. Their tactics are "DENIAL!!! NOTHING CAN TOUCH US!!".
- Like this 1 person likes this comment
-
(20 Comments)That's why every Mac user thinks he is safe. Bad news - you ain't.