Based on reports from MSNBC, Microsoft has recognized several bugs in its programs which include, Internet Explorer (IE) , Windows, Visio and Visual Studio.
It has issued 22 patches to fix the 13 security flaws it has recognized.
Out of the 13 different security bulletins 2 were classified as ?critical?. This meant that if an online attacker targeted a computer, he/she could exploit the bugs to execute malicious code.
Out? of the rest of the bulletins ?9 were labeled as ?moderate? and 2 as ?important? and if left unpatched it would allow and outside party to gain privileged access to a victim?s computer.
As per what Microsoft said in its blog on TechNet, IE?s security report, showed 5 privately reported vulnerabilities and 2 publicly disclosed vulnerabilities. Despite the risk it stated that, ?Microsoft is not aware of any attacks leveraging the vulnerabilities addressed in this bulletin.?
The IE update is critical for all platforms. It applies to all versions, from IE 6 through 9 on Windows 7, Vista, XP, 2003 and 2008.
2 vulnerabilities were exposed in Windows DNS server, Windows Server 2008 and Server 2008 R2. While Server 2003. ?The more severe of these vulnerabilities could allow remote code execution if an attacker sends a specially crafted Naming Authority Pointer (NAPTR) query to a DNS server. Servers that do not have the DNS role enabled are not at risk.?
Microsoft is expected to update all supported versions of Visio, .NET framework and Visual Studio 2005 development tool. It also patched a DLL vulnerability in Visio last month that could have been exploited with a remote code execution attack.
Users, be Cautious!
Marcus Carey, a security researcher for Rapid7, said that since the preview announcement ?provides no details on what the actual flaw is being patched, users should limit their use of Internet Explorer to only visit trusted sites and be careful about clicking on links. His advice to users is also that, concerned users should consider using an alternate browser, such as Firefox or Chrome, until the patches are live.
Sources: AMEinfo, TechNet blogs, eweek.com