Seven patches for St Valentine's patch Tuesday
Say it with vulns
Posted in Enterprise Security, 15th February 2006 15:17 GMT
Free whitepaper – Extended Validation SSL Certificates
Microsoft marked Valentine's Day with the release of seven patches - two critical and five important - as part of its regular monthly "Patch Tuesday" update cycle. The most serious security vulnerabilities involve flaws in Internet Explorer and Windows Media Player.
The IE patch (MS06-004) covers a cumulative update of security fixes. The (more noteworthy) Windows Media Player flaw creates a route for a malicious bitmap file (BMP) to inject malign code on vulnerable systems. It's similar in type to the Windows WMF flaw that became the subject of a large number of Trojan attacks in late December. But the latest vulnerability is harder to exploit and is not currently the subject of any hacker action. Nonetheless, Media Player versions 7.1 through 10 all need patching.
Microsoft's security bulletin, which gives a full run down of all seven flaws, can be found here. ®
Free whitepaper – Securing your Microsoft Internet Information Services (MS IIS) web server


The business case for application security
Reducing messaging and web security costs with managed services
Avoiding 7 common mistakes of IT security compliance
Server-gated cryptography
Airport insecurity: the case of lost laptops
Feds: Hospital hacker's 'massive' DDoS averted
Microsoft knew of nasty IE bug a year before attacks
BlockMaster SafeStick hardware-encrypted USB drive