Microsoft plans to deal with eight vulnerabilities Jan. 10 as portion of its regularly scheduled Patch Tuesday round of security updates.
In its January 2012 Advance Notification issued today, Microsoft said it's going to release
seven bulletins, one rated “critical,†repairing coding errors across its product line. The protection updates address issues in Microsoft Windows and Microsoft developer tools and software, Microsoft said. The bulletins address quite a lot of flaws that may enable remote code execution and an escalation of privileges. One of the vital flaws, rated “important,†addresses a safety feature bypass, that could be utilized by an attacker to use another error. Angela Gunn, security response communications manager for Microsoft's Trustworthy Computing Group, said detailed analysis of the security feature bypass will be made available on Tuesday.
Microsoft issued an out-of-band security update Dec. 29, addressing four serious vulnerabilities within the .NET Framework. One of several fixes within the out-of-band update was a repair to dam hash collision attacks on ASP.NET Web applications. The attacks can cause systems to freeze up.
The update was prompted by a presentation on the Chaos Communications Congress in Berlin where two researchers identified tips on how to exploit the mistake, which might be present in a number of Web programming languages. The researchers say development frameworks must have randomized hash functions to forestall the issue.
~Robert Westervelt
Nessun commento:
Posta un commento
Comments links could be nofollow free