|
The patches released by Microsoft to resolve 12 vulnerabilities. Of the 12 corrected vulnerabilities (from MS06-040 to MS06-51), the following eight are considered 'critical': - MS06-040: update that resolves several vulnerabilities in the Server service in Windows 2000, XP and Server 2003. - MS06-041: update that resolves several vulnerabilities in the DNS service that could allow remote code execution in Windows 2000, XP and Server 2003. - MS06-042: cumulative update that resolves several vulnerabilities in Internet Explorer. - MS06-043: for Outlook Express in Windows XP and Windows Server 2003. - MS06-044: resolves a vulnerability in the Microsoft Management Console in Windows 2000 that could allow remote code execution. - MS06-046: update that prevents a buffer overflow in HTML Help. Applies to Windows 2000, XP and Server 2003. - MS06-047: update that resolves a vulnerability in Visual Basic for Applications that could allow remote code execution. Systems affected are: Office 2000, Project 2000, Access 2000, Office XP, Project 2002, Visio 2002, Works Suites 2004, Works Suites 2005, Works Suites 2006 and Visual Basic for Applications SDK 6.0, 6.2, 6.3 and 6.4. - MS06-048: Recommended for Microsoft Office 2000, 2003 and XP to prevent two Power Point vulnerabilities. Of all of these, MS06-040 is of most concern to experts as, not only have exploits been published on the Internet, but it could also allow remote control of compromised computers. It is therefore likely that more malicious code will appear that can exploit this flaw. Users are advised to install the Microsoft patch, available at: http://www.microsoft.com/technet/security/bulletin/ms06-040.mspx DarkFloppy.A is a worm with no destructive effects, and only spreads by making copies of itself on floppy disks. This malicious code is easy to detect when it is installed on a system, as it displays an animation in the Windows taskbar. Curiously, the animation can be changed through a small menu accessed by right-clicking on the image.
|