After 24 hours of vulnerability and patching fun, users are being advised to grab Microsoft’s eight security patches and be wary of new critical systems exploits.
As SC reported last week Microsoft yesterday released eight patches, including five rated critical. The patches affect Windows, Internet Explorer, Exchange Server, MSN Messenger and Microsoft Word.
Additionally Microsoft is also releasing two non-security updates rated as “high priority.”
A flaw affecting multiple vendors has also been discovered, prompting a rush to patch, led by Microsoft and Cisco.
“In a nutshell flaws have been identified which allow an attacker to interfere with established TCP sessions,” said Gerhard Eschelbeck, CTO and VP of engineering at Qualys. “Sending specifically crafted ICMP packets, an attacker can disrupt, or even terminate existing TCP sessions between two systems, causing denial of service.
“As TCP and ICMP are at the core of the Internet, these issues are not unique to a particular vendor, but are quite widespread. At a guess 70 percent of systems on the internet can be affected by this vulnerability,” he added.
Worryingly, Finnish anti-virus vendor F-Secure is warning that exploit code for a Microsoft Jet Database Engine vulnerability has been published. It was not addressed by yesterday’s patch and hacker forum activity is already suggesting a good deal of attention is being paid to it.