Microsoft fixes Print Spooler, Plug and Play flaws

Microsoft has patched six vulnerabilities in Windows and Internet Explorer, three of which are considered critical.

Microsoft has released patches for six flaws in Windows and Internet Explorer, some of which could allow an attacker to gain control of a computer system. The patches, which include a fix for a newly discovered flaw in Microsoft's Plug-and-Play software, were released Tuesday and comprise Microsoft's regular patch releases for August.

Three of the six vulnerabilities have been rated as "critical" by Microsoft, meaning that they could theoretically be taken advantage of to gain control of a computer without any action by the user. These three critical bugs concern the Windows Plug-and-Play system and Print Spooler software, as well as Internet Explorer's (IE's) image rendering software, the company said in a statement.

The other three patches cover less serious problems in the Windows Telephony Service, Remote Desktop Protocol and in the Windows implementation of the Kerberos authentication protocol.

Microsoft credits security vendor Internet Security Systems (ISS) with discovering the Plug-and-Play vulnerability, which was publicly disclosed Tuesday. Plug-and-Play is the standard technology that Windows uses to automatically configure peripheral devices.

No exploits for the flaw have yet been made public and it is of serious concern only to Windows 2000 users, said Neel Mehta, team leader of ISS's X-Force research team. But because attackers can easily take advantage of this bug to seize control of a Windows 2000 system, Mehta believes it will soon be exploited.

Windows XP users could technically be vulnerable to the Plug-and-Play bug as well, but they would have to alter their Windows Registry file for this to happen, Mehta said. "I think it would be very unlikely if you were in XP to be vulnerable"

Though more difficult for hackers to exploit, the Print Spooler vulnerability does affect Windows XP users and should also be considered critical, Mehta said. "I do expect to see exploits for Plug-and-Play and Print Spooler in about a week," he said. "We haven't seen issues this heavily exploitable in a while, so they will be heavily targeted by hackers."

The Internet Explorer patch concerns the way Microsoft's browser renders JPEG images, and it fixes the latest in a series of vulnerabilities related to the browser's image-rendering capabilities.

First disclosed on July 15, the vulnerability could be used to take over a user's computer via malicious Web pages, e-mail, or instant messaging, according to a statement released Tuesday by Symantec. While there are no known attacks for the JPEG flaw, there are proof-of-concept JPEG images that can crash IE, the statement said.

Microsoft's notes on the August patches can be found here: http://www.microsoft.com/technet/security/bulletin/ms05-aug.mspx

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Robert McMillan

IDG News Service
Show Comments

Cool Tech

Toys for Boys

Family Friendly

Stocking Stuffer

SmartLens - Clip on Phone Camera Lens Set of 3

Learn more >

Christmas Gift Guide

Click for more ›

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Aysha Strobbe

Microsoft Office 365/HP Spectre x360

Microsoft Office continues to make a student’s life that little bit easier by offering reliable, easy to use, time-saving functionality, while continuing to develop new features that further enhance what is already a formidable collection of applications

Michael Hargreaves

Microsoft Office 365/Dell XPS 15 2-in-1

I’d recommend a Dell XPS 15 2-in-1 and the new Windows 10 to anyone who needs to get serious work done (before you kick back on your couch with your favourite Netflix show.)

Maryellen Rose George

Brother PT-P750W

It’s useful for office tasks as well as pragmatic labelling of equipment and storage – just don’t get too excited and label everything in sight!

Cathy Giles

Brother MFC-L8900CDW

The Brother MFC-L8900CDW is an absolute stand out. I struggle to fault it.

Luke Hill

MSI GT75 TITAN

I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?