Numerous flaws were addressed via patches Tuesday by Microsoft.
The company also addressed at least 15 other flaws in its software, and urged customers to quit using the desktop Sidebar and Gadget capabilities offered in Windows 7 and Windows Vista.
By far the most urgent of the updates is MS12-043, which fixes a critical vulnerability in Microsoft XML Core Services that miscreants and malware alike have been using to break into vulnerable systems. Microsoft had already warned about limited, targeted attacks using this flaw, but late last month an exploit built to attack the XML bug was added to the BlackHole Exploit Kit, an automated browser exploit tool that is very popular in the criminal underground right now.
Other critical patch bundles include a fix for a dangerous flaw in the Microsoft Data Access Components (MDAC) of Windows, and an update to address a pair of vulnerabilities in Internet Explorer.
Microsoft also released a FixIt tool to help network administrators block the use of Gadgets and the Sidebar on Windows 7 and Windows Vista systems. “We’ve discovered that some Vista and Win7 gadgets don’t adhere to secure coding practices and should be regarded as causing risk to the systems on which they’re run,” Microsoft said in a blog posting, without offering much more detail about any specific findings.
- Bad week for Microsoft as security fails and cyber threats increase (seshippingnews.typepad.com)
- Security flaws signal early death of Windows Gadgets (zdnet.com)
- Microsoft patches critical drive-by IE9 bug, Windows zero-day (techworld.com.au)