Microsoft fixes image handling flaw in latest monthly security bulletin
Microsoft has included two critical patches in its January security bulletin closing up holes in its browser and operating system software.
The patches fix an HTML Help ActiveX control Cross Domain Vulnerability and an error in the way Windows handles cursor and icon images. Left unpatched, Windows systems would be open to attack if the owners could be persuaded to view specially modified websites or email messages.
Successful attacks would allow full access to the system, including the ability to run code, install programs and add, edit or delete data.
A third patch, rated as important, also has the potential for running code remotely. However, this vulnerability in the Indexing service is most likely to result in a denial-of-service attack, says Microsoft. It says the Indexing service is not installed by default and, even if it is installed, is not visible across the Internet unless an interface has been built for it.
Full details and downloads of the patches are available at the Microsoft website.
Microsoft has also made its malware removal tool available – the first product of its antivirus acquisition 18 months ago. The malware removal tool is available as a free beta and will undergo testing for six months before the company decides on whether it will be bundled or separate, free or charged for.
The initial download is an amalgamation of existing scan and removal utilities for well-known worms and viruses already provided by Microsoft. It will be updated on a monthly basis in line with the security bulletins – but more often if necessary.