Microsoft Issues Patch For Vulnerabilities In Mdac And Windows Backup Manager

By Author: Peter Martin
Total Articles: 211
Comment this article

Cybercrime is rising with each passing day and hackers are relentless in their pursuit to exploit vulnerabilities. Exploits for vulnerabilities are also placed in the wild and shared among the underground hacking community to perpetuate crime. Therefore, it becomes imperative for software developers to issue patches for mitigating vulnerabilities. Microsoft regularly issues patches for identified vulnerabilities on the second Tuesday of each month. In its first security update of the year, Microsoft has issued two security bulletins. The latest patch addresses vulnerabilities in Microsoft Data Access components (MDAC) and Windows Backup Manager. MDAC is a framework, which facilitates programmers in developing applications that can access various data stores. Attackers may misuse the vulnerabilities in MDAC to lure users to visit a specially crafted, but malicious web page. Visit to the web page causes remote code execution and allows hackers to gain the same users as held by the victim.

Attackers can than gain access to documents and files on the computer and compromise information security ...
... The patch released ensures that MDAC properly validates the string length and memory allocation. MDAC vulnerability has been rated as critical for Windows XP - Service Pack (SP) 3 and Professional x64 SP 2, Windows Vista - SP 1 and SP 2, Windows Vista x64 SP 1 and SP 2, and Windows 7 - 32 bit and x64 based systems.

The second security patch rectifies the process of loading external libraries by Windows Backup Manager. In this case, the attackers may place a specially crafted file on a remote file system. When unwary users access a legitimate Windows Backup Manager file on an untrusted remote file system or Web-based Distributed Authoring and Versioning (WebDAV) share, the vulnerability causes the Windows Backup Manager to also load the specially crafted file and execute malicious code. WebDAV is an HTTP based protocol that allows users to collaborate in editing and managing files stored on web servers. Microsoft has rated this vulnerability as important for Windows Vista - SP 1, SP 2, x64 SP 1 and x64 SP 2.

Information security professionals at Microsoft have also released a temporary patch for memory bug related to Cascading style sheet (CSS) function in Internet explorer. The memory bug allows remote code execution by attackers. The temporary patch prevents recursive loading of CSS in Internet Explorer.

Internet users must keep track of the security advisories and regularly update operating systems, software applications and Internet browsers to protect their computers from malicious attacks by hackers. Threats emanating in the cyberspace must be dealt deftly. Ethical hacking techniques can help software developers in pre-empting vulnerabilities and undertaking corrective measures to ensure safe computing for users.