Microsoft Fixes 4 Security Vulnerabilities 

by iClass - Thursday, March 10, 2011
Recently, Microsoft released three security bulletins, which address four vulnerabilities. The first security bulletin addresses critical vulnerabilities associated with DirectShow, Windows Media Player and Windows Media Center. The remaining two security bulletins mitigate a security flaw associated with Windows Remote Desktop Client and Groove, both rated as important by the company.

The vulnerability in DirectShow is related to the way it loads DLL files. Attackers may exploit the security flaw to gain complete control of the affected system. They may then install new programs and access, modify and delete files. They may also create new user accounts on the system.

The security flaw in Windows Media Player and Windows Media Center is related to their handling of .dvr-ms files. Cybercriminals may create a specially crafted malicious .dvr-ms file and induce users to open the file. Offenders may create new user accounts on the compromised system, and access, modify and delete files.

The security update corrects the way Windows Remote Desktop Client and Groove load external libraries. The vulnerability may be successfully exploited if users open an .rdp file and a Groove-related file from the same network folder in which attackers have placed a specially crafted library file.

Exploitation of the DirectShow bug can be prevented by limiting user rights on the system and by not opening .wtv, .dvr-ms, or .mpg media files stored in untrusted remote file system locations. According to the company, Server Message Block (SMB), the file-sharing protocol, is usually disabled at the security perimeter, which minimizes the possibility of exploitation of this flaw. Users who have disabled automatic updating must install the security update manually to prevent abuse of the bug.

Exploitation of the flaw in Windows Media Player and Windows Media Center can be prevented by limiting user rights on the system. Users must avoid clicking on suspicious links and downloading suspicious attachments. They must satisfy themselves of the authenticity of e-mails received from unknown sources before clicking on any links provided in them. They must also be cautious about clicking links in banner ads on websites.

Software products are susceptible to vulnerabilities caused by programming errors and lapses. As such, developers face the constant challenge of addressing security flaws. Microsoft issues security updates on the second Tuesday of every month. The previous Patch Tuesday mitigated 22 vulnerabilities. Security flaws are identified by in-house security professionals or external security researchers, or come to light when attackers reveal exploit code on underground forums. Online technology degree programs may help security professionals to equip themselves with new skills to deal with the evolving IT security challenges.

Attackers take advantage of the lack of awareness among users to exploit vulnerabilities. Applying the patches released by software developers is crucial to safeguarding users' computers from security breaches. Online computer degree and e-learning programs may help users in understanding the implications of different security threats.

Hiring professionals who hold security certifications, an IT master's degree or a computer science degree may help organizations in prompt detection of security flaws, and in timely identification and application of relevant security patches.

Contact Press

EC-Council
Website: http://www.eccouncil.org
Email: iclass@eccouncil.org
Tel: 505-341-3228

EC-Council University is based in Albuquerque, New Mexico, and offers the Master of Security Science (MSS) degree to students from various backgrounds, such as graduates, IT professionals, and military students, amongst several others. The MSS is offered as a 100% online degree program and allows EC-Council University to reach students not only from the United States, but from all around the world.

EC-Council is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/Licensed Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.

EC-Council has trained over 80,000 individuals and certified more than 30,000 members, through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates the global series of Hacker Halted security conferences.
