Microsoft plugs critical Windows, Office holes

Microsoft issued four security bulletins on Tuesday to fix five holes in Windows and Office, including a critical vulnerability in a Windows Help and Support Center feature that has been targeted by attacks.

The vulnerability in the online help feature, which is delivered with supported editions of Windows XP and Windows Server 2003, could allow an attacker to take control of a computer by luring a computer user to a malicious Web site. The bulletin has a severity rating of "critical" for Windows XP and "low" for Windows Server 2003, according to the advisory.

Microsoft and others criticized Google researcher Tavis Ormandy for publicly disclosing the hole before the software giant had a chance to develop a fix. Within days of the disclosure, there were attacks discovered that exploited the hole.

Bookmark and Share

No comments:

Post a Comment

Related Posts with Thumbnails