Bits from Bill

Technology thoughts leaking from the brain of "Bill Pytlovany"

Wednesday, February 14, 2007

Vulnerability in Live OneCare and Defender

Yesterday was another “Patch Tuesday” and millions of computers were automatically updated with fixes to critical vulnerabilities found in various Microsoft Windows components.

To many it was just another security update, but it was one of the most important updates I’ve seen and one of the most embarrassing for Microsoft. Click here for more details. I’m surprised Microsoft didn’t announce a ZunePhone or MicrosoftTV this week to distract the press.

A number of updates were for components used by thousands of non-Microsoft applications. The ActiveX HTML Help component, the RichEdit Text Control component and even the underlying code for many applications, Microsoft’s Foundation Classes, were all found to include vulnerabilities.

The most embarrassing has to be a critical vulnerability in Microsoft’s own Malware Protection Engine. This reminds me of the company that made bike locks only to discover they could be unlocked with a ball point pen.

Affected Software:

• Windows Live OneCare
• Microsoft Antigen for Exchange 9.x
• Microsoft Antigen for SMTP Gateway 9.x
• Microsoft Windows Defender
• Microsoft Windows Defender x64 Edition
• Microsoft Windows Defender in Windows Vista
• Microsoft Forefront Security for Exchange Server
• Microsoft Forefront Security for SharePoint

If a scan encounters a specially crafted PDF file, an attacker could remotely execute malware on the target computer.

At this time we haven’t seen any threats using this vulnerability, but it’s only a matter of time. I commend Microsoft for their honesty, but computers which have not been updated are at immediate risk.

This basically tells the bad guys which mat to look under for the keys. If users don’t change the locks by downloading this week’s updates, their doors will be wide open.

 


2 Comments:

Anonymous said...

How can I talk or email with someone at WinPatrol? I look and look at all sorts of websites and all I see are FAQs etc.

No support for WinPatrol???????

2:58 PM  
Unknown said...

Hi Susan,

Sorry if you can't find the correct place to ask a question. You can always send an Email to support@winpatrol.com and you'll get back a personal response.

Thanks,
Bill

3:11 PM  
