On Tuesday, Microsoft released its monthly security updates, with patches for 20 vulnerabilities in its most popular software, including Windows, Office and even its new anti-spyware and antivirus tools.
More than half of these flaws are marked as critical. In other words, hackers can either exploit them remotely, or use them to gain control over remote computers after convincing victims to click on a harmful link or visit a malicious site.
It should be noted that at least 6 of these flaws have been exploited in recent zero-day attacks for quite a long time.
Below is the list of the most critical vulnerabilities that Tuesday’s updates aim to patch.
1. Remotely exploitable flaws in Microsoft Malware Protection Engine that allow remote code execution
Popular software affected: Windows Live OneCare and Windows Defender.
2. Remotely exploitable flaws in Microsoft Internet Explorer that allow remote code execution
Popular software affected: Microsoft Internet Explorer.
3. Multiple Microsoft Office vulnerabilities that allow remote code execution
Popular software affected: Microsoft Office 2000/XP/2003, Microsoft Works Suite 2004/2005/2006, Microsoft Visio 2002, Microsoft Project 2000/2002.
4. Vulnerability in HTML Help ActiveX control allows remote code execution
Popular software affected: Microsoft Windows 2000/XP, Microsoft Windows Server 2003.
5. Vulnerability in OLE Dialog allows remote code execution
Popular software affected: Microsoft Windows 2000/XP, Microsoft Windows Server 2003.
Other flaws are less dangerous, but can also be used to attack vulnerable systems.
All users are encouraged to install the latest updates as soon as possible. This can be done either by visiting the Microsoft Update site or by enabling automatic updates.
Do not delay! Computers running vulnerable software are perfect targets for ongoing attacks that exploit recent vulnerabilities.