Microsoft closes four vulnerabilities, including DLL issues

Microsoft on Tuesday issued three patches to close four vulnerabilities that try to use a new remote attack vector to spread malware.

The high-priority fix, MS11-015, addresses two "DLL preloading" flaws – one labeled "critical" and the other "important – in Windows Media. Attackers can infect victims' PCs by tricking them into opening a malicious file. Windows Server 2003, 2008 and 2008 R2 are not affected by the bugs.

In August, Microsoft issued an advisory Monday after research revealed that a new class of vulnerabilities known as DLL (dynamic-link Library) preloading can be exploited remotely by an attacker who places a malicious library on a network share.

Tuesday's update also closes two DLL preloading vulnerabilities in Groove 2007 Service Pack 2 and the Windows Remote Client Desktop. Groove is collaboration software that is part of Office.

Microsoft did not patch a vulnerability in the MHTML (MIME Encapsulation of Aggregate HTML) protocol handler, used by applications to render certain types of documents. The bug, disclosed in January and which is similar to a cross-site scripting issue, could exploit machines if a user visits a website that forces them to run malicious scripts.

"[I]ts importance should not be underestimated," Roel Schouwenberg, a senior anti-virus researcher at Kaspersky Lab, wrote in a Tuesday blog post. "While not often used in mass attacks, they definitely serve a purpose in targeted attacks."

Meanwhile, Microsoft has set up a new site encouraging users to scrap Internet Explorer (IE) 6. The goal of the site is to push the worldwide usage of IE below one percent. Currently, 12 percent of machines run the more-than-decade-old browser. Microsoft cites privacy as one of the reasons users should upgrade to a newer version.