
Microsoft patches critical flaws

External testers give 'em the once over


Microsoft's first security patch roundup of 2005 brings with it three security updates, two of which are critical. Most importantly, the software giant (at least partly) fixed a flaw with an HTML Help Control function in Windows, which recently became the target of a readily available exploit.

The security bug creates a way for attackers to take complete control of vulnerable systems. Win 2000, Win 2003, NT 4 and XP users - even those who've applied SP2 - need to apply Microsoft's fix (MS05-001). Early reaction has been lukewarm, with security alerting firm Secunia describing it as a partial fix only.

Also on Microsoft's critical list is an Icon and Cursor handling flaw which can be exploited providing vulnerable users are tricked into visiting maliciously constructed websites (MS05-002). A flaw in the Windows indexing component rates lower on Microsoft's peril index chiefly because the service is turned off by default. The company says this patch (MS05-003) is "important".

This month's patches are the first to be approved by a "small number of dedicated external evaluation teams", who are members of a closed beta programme for testing security updates. The Security Update Validation Program is designed to make sure software fixes are stable and reliable, an issue that has been a perennial problem for Microsoft shops in the past.

Yesterday also marked the first instalment of technology to remove malicious software from users' systems. The tool will be updated on the second Tuesday of every month. This month's update removes Blaster, Sasser, MyDoom, DoomJuice, Zindos, Berweb (also known as Download.Ject), Gailbot and Nachi viruses/worms. Users can download the tool separately here or receive it through Windows Update. ®
