Microsoft to fix zero-day SMB, IIS holes
Published: 09 Oct 2009 14:19 BST
Microsoft on Thursday said it will provide a fix next week for zero-day flaws in Microsoft Server Message Block and Internet Information Services that could allow an attacker to take control of a computer.
Those are just two of the 34 vulnerabilities addressed in 13 bulletins (eight of which are critical and five of which are rated important) that will be fixed during Patch Tuesday, according to a blog post on the announcement. The bulletins affect Windows, Internet Explorer, Office, Silverlight, Forefront, Developer Tools and SQL Server, the advisory shows.
The Server Message Block (SMB) flaw was reported a month ago. At the time, Microsoft said it affected Vista, Windows Server 2008, and the "release candidate" version of Windows 7, but not the final version that was completed in July. Windows Server 2008 R2 is not vulnerable, and neither are the earlier Windows XP and Windows 2000 operating systems .
Microsoft, which previously released a temporary fix for the SMB hole, reported the Internet Information Services (IIS) flaw in the File Transfer Protocol in August. Its advisory says there have been limited attacks that use the IIS flaw exploit code, which was posted on the Milw0rm website, according to IDG News Service.
For the full story, see Microsoft to patch zero-day SMB, IIS holes at CNET News.
Did you find this article useful?
7 out of 7 people found this useful
Digg
Slashdot
Del.ici.ous
Stumble
Reddit
