Microsoft patched a critical vulnerability in Windows

Network Administration - Microsoft patched three vulnerabilities in Windows yesterday, one of which could be exploited by attacks that trick users into accessing malicious websites.

Microsoft also introduced a new prevention method to help users avoid attacks exploiting known vulnerabilities in IE.

It is known that users only need to download two security upgrades, or two bulletin boards by Microsoft, which were announced last week, which is an easier start in the beginning of this year compared to the month At the end of 2010, in that period Microsoft released a record number of 17 upgrades to patch for nearly 40 errors.

One of the two errors was classified as "critical" by Microsoft, while the other one was marked as 'important', the risk ranked second in the evaluation list.

MS11-002 is a security upgrade that researchers and Microsoft encourage users to use first. This upgrade will fix 'critical' and 'important' vulnerabilities.

' Newcomers can exploit the' critical 'vulnerability in MS11-002 by tricking users into browsing a malicious Web site ,' said Amol Sarwate, the center's director of research on Qualys's vulnerability. said so. This is a form of attack still called "drive-by", the attack is based on enticing users to click on a link provided in a fake email.

An error in the Microsoft Data Access Components (MDAC) components , a set of components that leads Windows access databases such as Microsoft SQL Server. The error here lies inside the MDAC ActiveX driver, allowing users to access databases from within IE.

Only users who are using the new IE browser are at risk when the attacker exploits the 'critical' vulnerability that Microsoft announced in MS11-002, both Sarwate and Andrew Storms, security operations director of nCircle Security. all said so.

Microsoft has also encouraged its customers to use MS11-002 first, noting that all client versions of Windows, including Service Pack 3 (SP3), Vista and Windows 7 are vulnerable. The server operating system versions are also vulnerable, but Microsoft only evaluates server operating system vulnerabilities at 'important'.

Surely hackers will use authentic attack code to exploit the vulnerabilities patched by MS11-002 in the next 30 days.

Another upgrade, available in MS11-001, is less important because it only applies to Windows Vista, Sarwate and Storms said.

Backup Manager error is one of the number of control errors loading dynamic DLL link library in Windows.

The patch for Vista today is known as the seventh patch that Microsoft has released to fix the bugs found by researchers in August. Microsoft released five patches to fix DLL hijacking errors last month, another patch was released in November.