Microsoft patches critical Windows drive-by bug

From InfoWorld: Microsoft has patched three vulnerabilities in Windows, one that could be exploited by attackers who dupe users into visiting a malicious website.

The company also debuted a new defensive measure to help users ward off ongoing attacks that are exploiting a known bug in Internet Explorer (IE).

The light load -- just two security updates, or "bulletins" as Microsoft calls them -- was announced last week , making for an easier beginning to the new year than the end of 2010, when in December the company shipped a record 17 updates that patched a near-record 40 bugs.

One of today's updates was classified as "critical" by Microsoft, the firm's top threat ranking, while the other was marked as "important," the second-most dangerous rating.

MS11-002 was the update that security researchers and Microsoft recommended users apply first. The update patched two vulnerabilities, one critical, the other important.

"Attackers can exploit the critical vulnerability in MS11-002 by getting users to browse to a malicious website," said Amol Sarwate, manager of Qualys' vulnerabilities research labs. The tactic, usually called a "drive-by" attack, relies on enticing users to click a link that's offered in a baited email.

View: Article @ Source Site