We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,088 News Articles

Patches released for critical Windows flaws

Update your system now

Microsoft yesterday released two security updates for Windows, one of which was critical. It also released a critical update for Exchange Server.

In Microsoft's rating system, a critical vulnerability means it could allow unauthorised software to be installed without user action.

The third patch released yesterday fixes two vulnerabilities in Windows rated 'moderate', Microsoft said.

More information and Microsoft's monthly security bulletin can be found here.

Amol Sarwate, the Vulnerability Research Lab manager for Qualys, said the vulnerability in Exchange was the most critical of the three. That flaw could allow a remote user to send email with malicious content in it that would take control of Exchange or a user's computer. The flaw could also have been automated to create an email worm, he said.

Qualys provides software as a service for vulnerability and compliance management.

The critical Windows flaw was in the version of Adobe Flash Player that comes with the OS (operating system), Sarwate said. It could allow miscreants to create malicious Flash-based websites or animated files that could take control of an unsuspecting user's system if he or she clicked to view those files.

Adobe Systems has also released a patch for the Flash Player flaw and Windows users can install either Adobe's or Microsoft's patch to fix their systems, he added.

The third Microsoft patch was for two vulnerabilities in the MDTC (Microsoft Distributed Transaction Coordinator), which controls Microsoft SQL Server database transactions.

Even though the MDTC flaws could have allowed an attacker to shut down that component, they were rated as moderate, not critical, because Windows services without dependence on the MDTC would not have been affected, a spokesman from Microsoft's public relations firm Waggener Edstrom said via email. In general, an attack on the MDTC vulnerabilities would not affect the overall stability of Windows.

All three security updates were released as part of Microsoft's monthly security patch process, known as Patch Tuesday by security researchers because the fixes are released on the second Tuesday of the month. The next such update is scheduled for 13 June.


IDG UK Sites

Windows 9 release date, price, features: Microsoft teases new OS ahead of 30 September unveiling

IDG UK Sites

From the iPhone 6 to the iWatch and a new Apple TV we look at the products Apple is set to launch...

IDG UK Sites

September 2014 creative trends: 5 things you must see

IDG UK Sites

What to expect from Apple in autumn/winter 2014: iPhone 6, iPhone Air, iWatch, iPad 6, new Apple...