5 Most Exploitable Widows Holes You Must Patch

Windows Security : 5 Most Exploitable Widows Holes You Must Patch

Posted by Max on 2007/8/25 14:17:55 (1703 reads)

3 Microsoft Windows , one Winzip and one QuickTime vulnerabilities make the top five exploitable security holes for all Windows users. $400 can buy you a fully automated attack kit for exploiting these vulnerabilities. This attack kit called MPack has been used heavily in Italy in what has become known as the Italian Job.

The first three vulnerabilities listed here affect Windows; if you've been keeping up with Automatic Updates, you should have the patches. To make sure, run Windows Update from the Start menu, or download the patches individually from the listed Microsoft links.

The other two attacks hit QuickTime and WinZip, and are meant to catch people who might update Windows but not worry about other programs.

The must-close holes

Microsoft XML Core Services overflow

Critical flaw for Windows XP SP2, Windows 2000 SP4 and Windows Vista
Get the fix from Windows Update or Microsoft

WebViewFolderIcon overflow

Critical flaw for Windows XP SP1 and SP2 and Windows 2000
SP4
Get the fix from Windows Update or Microsoft

ANI overflow

Critical flaw for Windows XP SP2, Windows 2000 SP4, Windows Vista and Windows Server 2003
Get the fix from Windows Update or Microsoft

WinZip ActiveX overflow

Critical flaw for WinZip 10 prior to Build 7245 on Windows (WinZip doesn't specify which versions of Windows)
Get the fix (and instructions) from WinZip

QuickTime overflow

Critical flaw for QuickTime Player 7.1.3 on Windows XP/2000
Get the fix (and instructions) from Apple, or choose Help,Update Existing Software from the QuickTime menu.

But just as a steering-wheel lock won't stop someone from smashing your car window, closing these holes doesn't guarantee that
you'll be safe online.

To repel e-mail threats, the other major attack vector, be on your
guard against any unsolicited e-mail links or attachments, even if the message uses your name and doesn't contain obvious grammatical errors.
One currently operating assault uses data stolen from Monster.com to send personalized attack messages to job seekers.

And of course, keep your antivirus software up to date.Antivirus software won't usually be of direct help in blocking crooks' intrusions via exploits like these, but often it can stop the malicious software that criminals attempt to install after breaking in.

Previous article - Next article

Other articles
2010/3/18 8:07:31 - Panda Cloud Antivirus Receives ICSA Labs' First Cloud-Based Certification
2010/3/17 15:49:34 - Open-Source Email Security Taken To The Next Level at WebhostingDay
2010/3/17 15:18:40 - McAfee Warns ABout Scareware or Fake Antivirus Software
2010/3/2 5:22:13 - VeriSign and AVG Will Integrate VeriSign Trust(TM) Seal Within AVG LinkScanner(R)
2010/3/1 7:36:12 - New Stealth Software Protects P2P Users From Lawsuits by Copyright Holders
2010/2/24 13:55:16 - New State of The Art Firewall By Palo Alto Networks
2010/2/24 13:50:26 - Beware of Fake Antimalware Programs Like PCsProtector
2010/2/24 13:38:02 - New Registry Cleaner Guide Helps Your PC Perform Faster
2010/2/3 7:32:43 - PC Login Now (Full version) Available Now For Free.
2010/2/3 7:11:57 - Mitto Named One of 20 Top Web Applications

The comments are owned by the poster. We aren't responsible for their content.