Microsoft today released three bulletins fix four vulnerabilities in Windows and Microsoft Office, including one rated "critical" for Windows XP, Vista, and Windows 7.

Bulletin MS11-015 complete a critical vulnerability in DirectShow and one in Windows Media Player and Media Center, according to security adviser. more severe than the lack of control could allow remote code execution, and thus complete the computer, if the malicious file is opened the Digital Video Recording. Vulnerability of a rating of "important" influence of certain media files on all versions of Microsoft Windows, the company said in a blog post.

"Microsoft is usually the level of vulnerability types of file formats as the only 'essential' because the user interaction is required," said Wolfgang Kandek, chief technology officer Qualys. "But this particular defect has a component that allows for an attack via a link in the browser and allows the exploitation of automatic 'drive-by' fashion 'by only visiting the Web site.

Two other good bulletin preloading problems with DLL (Dynamic Link Library) and rated "important." The bulletin, released as part of Patch Tuesday monthly security update company Roundup.

MS11-016 affects Microsoft Groove 2007 Service Pack 2, which is used in Office. The vulnerability could allow remote code execution if a user opens a file-related legal Groove located on the same network directory as the library file is dangerous.

Meanwhile, MS11-017 affects the Windows Remote Desktop Client. The vulnerability could allow remote code execution if a user opens a legitimate Remote Desktop configuration file located in the same network folder as a library file is dangerous.

Microsoft also said work to provide solutions through monthly security update process to deal with HTML Mime-related holes in all supported versions of Windows that became public last month.


Posting Komentar