Microsoft fixes Print Spooler, Plug and Play flaws

Microsoft has patched six vulnerabilities in Windows and Internet Explorer, three of which are considered critical.

Microsoft has released patches for six flaws in Windows and Internet Explorer, some of which could allow an attacker to gain control of a computer system. The patches, which include a fix for a newly discovered flaw in Microsoft's Plug-and-Play software, were released Tuesday and comprise Microsoft's regular patch releases for August.

Three of the six vulnerabilities have been rated as "critical" by Microsoft, meaning that they could theoretically be taken advantage of to gain control of a computer without any action by the user. These three critical bugs concern the Windows Plug-and-Play system and Print Spooler software, as well as Internet Explorer's (IE's) image rendering software, the company said in a statement.

The other three patches cover less serious problems in the Windows Telephony Service, Remote Desktop Protocol and in the Windows implementation of the Kerberos authentication protocol.

Microsoft credits security vendor Internet Security Systems (ISS) with discovering the Plug-and-Play vulnerability, which was publicly disclosed Tuesday. Plug-and-Play is the standard technology that Windows uses to automatically configure peripheral devices.

No exploits for the flaw have yet been made public and it is of serious concern only to Windows 2000 users, said Neel Mehta, team leader of ISS's X-Force research team. But because attackers can easily take advantage of this bug to seize control of a Windows 2000 system, Mehta believes it will soon be exploited.

Windows XP users could technically be vulnerable to the Plug-and-Play bug as well, but they would have to alter their Windows Registry file for this to happen, Mehta said. "I think it would be very unlikely if you were in XP to be vulnerable"

Though more difficult for hackers to exploit, the Print Spooler vulnerability does affect Windows XP users and should also be considered critical, Mehta said. "I do expect to see exploits for Plug-and-Play and Print Spooler in about a week," he said. "We haven't seen issues this heavily exploitable in a while, so they will be heavily targeted by hackers."

The Internet Explorer patch concerns the way Microsoft's browser renders JPEG images, and it fixes the latest in a series of vulnerabilities related to the browser's image-rendering capabilities.

First disclosed on July 15, the vulnerability could be used to take over a user's computer via malicious Web pages, e-mail, or instant messaging, according to a statement released Tuesday by Symantec. While there are no known attacks for the JPEG flaw, there are proof-of-concept JPEG images that can crash IE, the statement said.

Microsoft's notes on the August patches can be found here: http://www.microsoft.com/technet/security/bulletin/ms05-aug.mspx

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Robert McMillan

IDG News Service
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Tom Pope

Dynabook Portégé X30L-G

Ultimately this laptop has achieved everything I would hope for in a laptop for work, while fitting that into a form factor and weight that is remarkable.

Tom Sellers

MSI P65

This smart laptop was enjoyable to use and great to work on – creating content was super simple.

Lolita Wang

MSI GT76

It really doesn’t get more “gaming laptop” than this.

Jack Jeffries

MSI GS75

As the Maserati or BMW of laptops, it would fit perfectly in the hands of a professional needing firepower under the hood, sophistication and class on the surface, and gaming prowess (sports mode if you will) in between.

Taylor Carr

MSI PS63

The MSI PS63 is an amazing laptop and I would definitely consider buying one in the future.

Christopher Low

Brother RJ-4230B

This small mobile printer is exactly what I need for invoicing and other jobs such as sending fellow tradesman details or step-by-step instructions that I can easily print off from my phone or the Web.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?