contents

software
 
New Critical Microsoft Windows Vulnerabilities Found and Disclosed

3Com and 3Com's TippingPoint division say its security research team has discovered a new critical vulnerability in Microsoft Windows. 3Com's Zero Day Initiative also has found another critical Microsoft vulnerability in its Microsoft Excel. 3Com has reported the issues to Microsoft immediately, which in turn has applied the necessary resources to address the vulnerability and issued the patch. 3Com customers with the TippingPoint Intrusion Prevention Systems were protected against potential zero day attacks targeting the vulnerability through its Digital Vaccine update service.

The critical vulnerability named CVE-2006-1314 allows remote attackers to execute arbitrary code on vulnerable installations of the Microsoft Windows. This vulnerability could lead to a network worm that could have a widespread impact. The critical vulnerability called CVE-2006-2388 allows remote attackers to execute arbitrary code if a malformed Excel spreadsheet is opened by a victim. The main aim of the ZDI program is to enable the responsible disclosure of vulnerabilities in order to make technology more secure for users and businesses.

The new vulnerabilities are: 1) MS06-033 (Vulnerability in ASP.NET Could Allow Information Disclosure; Rating: Important); 2) MS06-035 (Vulnerability in Server Service Could Allow Remote Code Execution; Rating: Critical); 3) MS06-036 (Vulnerability in DHCP Client Service Could Allow Remote Code Execution; Rating: Critical); 4) MS06-037 (Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution; Rating: Critical); 5) MS06-038 (Vulnerabilities in Microsoft Office Could Allow Remote Code Execution; Rating: Critical); 6) MS06-039 (Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution; Rating: Critical).



write your comments about the article :: 2006 Computing News :: home page