Wed, Nov 30 2005 8:14
Don
Double trouble
Exploits have been released for two Microsoft flaws this week, and users are advised to patch immediately.
The first exploit, for MS05-053 is
reported to cause a DOS condition, sending CPU usage to 100% when viewing a file in IE. The
Microsoft security bulletin
for this vulnerability lists remote code execution as a possibility,
indicating future exploits could be more severe. Users with the hotfix
for GDI installed are protected from this issue.
The second flaw is related to vulnerabilities in MSDTC and COM+, and again the exploit is
limited to a denial of service attack rather than the remote code execution listed as a possibility on the security bulletin. The patch for this (
MS05-051) has been
available since October 11, and despite some users
having problems with the update, Microsoft recommends users apply the patch.
Securityfocus
Filed under: Alerts