Light Patch Tuesday Release Brings Heavy Warning from Microsoft
Microsoft yesterday unveiled its March Patch Tuesday offering, and by comparison to recent months it was a relatively calm affair. Only two security bulletins addressing eight vulnerabilities were announced, but they were joined by a warning related to a new zero-day Internet Explorer flaw which does not yet have a fix.
Both of the bulletins Microsoft released in accordance with its March Patch Tuesday have been designated "important". That's a big step down from this past February's Patch Tuesday, where about one-fifth of the 26 vulnerabilities were considered "critical," Microsoft's highest alert rating.
Two New Exploits Require User Interaction
This month's flaws are being called "important" rather than "critical" because they require user interaction in order to execute and exploit a system. In one case, a hacker must convince a user to open a malicious Excel file in order for the attack to take place.
"Exploitability is high for the majority of vulnerabilities listed, so we suggest to put this patch on a fast installation schedule," noted Wolfgang Kandek, security firm Qualys' CTO. (Source: informationweek.com)
The other advisory is related to a vulnerability in Windows Movie Maker, and it too requires the hacker convince a user to open a malicious attachment.
New Internet Explorer Flaw Attacks IE 6, 7
According to Microsoft, a new zero-day flaw associated with its web browser Internet Explorer 6 and 7 is now on the loose. The issue, it seems, does not affect Internet Explorer 8.
At the moment, Microsoft says the issue is due to an invalid pointer reference inside Internet Explorer that could be accessed even after an object is deleted by the user. It's possible a hacker could use this flaw towards remote code execution, or the unauthorized takeover of a user's system.
"At this time, we are aware of targeted attacks attempting to use this vulnerability," Microsoft yesterday noted. "We will continue to monitor the threat environment and update this advisory if this situation changes."
Internet Explorer users will remember that the last zero-day vulnerability of this kind affecting their browser was tied to the very destructive "Operation Aurora" cyber attack launched on Google in January.
Microsoft's next Patch Tuesday is scheduled for April 13. There has been no word yet on whether a fix for this latest zero-day flaw will warrant an emergency patch release. (Source: computerworld.com)
Most popular articles
- Which Processor is Better: Intel or AMD? - Explained
- How to Prevent Ransomware in 2018 - 10 Steps
- 5 Best Anti Ransomware Software Free
- How to Fix: Computer / Network Infected with Ransomware (10 Steps)
- How to Fix: Your Computer is Infected, Call This Number (Scam)
- Scammed by Informatico Experts? Here's What to Do
- Scammed by Smart PC Experts? Here's What to Do
- Scammed by Right PC Experts? Here's What to Do
- Scammed by PC / Web Network Experts? Here's What to Do
- How to Fix: Windows Update Won't Update
- Explained: Do I need a VPN? Are VPNs Safe for Online Banking?
- Explained: VPN vs Proxy; What's the Difference?
- Explained: Difference Between VPN Server and VPN (Service)
- Forgot Password? How to: Reset Any Password: Windows Vista, 7, 8, 10
- How to: Use a Firewall to Block Full Screen Ads on Android
- Explained: Absolute Best way to Limit Data on Android
- Explained: Difference Between Dark Web, Deep Net, Darknet and More
- Explained: If I Reset Windows 10 will it Remove Malware?
My name is Dennis Faas and I am a senior systems administrator and IT technical analyst specializing in cyber crimes (sextortion / blackmail / tech support scams) with over 30 years experience; I also run this website! If you need technical assistance , I can help. Click here to email me now; optionally, you can review my resume here. You can also read how I can fix your computer over the Internet (also includes user reviews).
We are BBB Accredited
We are BBB accredited (A+ rating), celebrating 21 years of excellence! Click to view our rating on the BBB.