The first is a patch to a vulnerability found in several versions of Internet Explorer (IE) 5 and 6 affecting Windows 98/ME/XP and Windows Server 2003 operating systems.
A remote code execution bug targeting Portable Network Graphics (PNG) images and XML content, combined with an end user viewing a malicious e-mail or Web site, would allow the attacker to gain administrative rights over the person's machine.
Microsoft officials also plugged another critical vulnerability in Microsoft's HTML Help function, where an attacker could bypass the software's methods for validating input data. As with the other critical bug, a user would first have to visit a Web site hosting the malicious code before the attacker could gain complete control of the system.
Mitchell Ashley, CTO of network security vendor StillSecure, said the vulnerabilities patched in this month's update will keep security administrators busy, given the number of vulnerabilities and the number of different operating systems affected.
Recent patch updates also show that despite the considerable effort Microsoft has said it is placing on security, security experts are still finding flaws in new releases of its software.
"Now we're seeing patches not only to older operating systems but now we're seeing fixes that apply to [Windows Server] 2003, fixes that apply to [Windows XP and XP Service Pack 2]," he said. "There are certainly designs to make Longhorn a more secure operating system, but it's too early to tell what the impact of that is going to be and how different it will be from current generations of Windows operating systems."