Microsoft issues critical security fixes2014-11-12 09:55 by Daniela
Microsoft has released November patches for its Windows operating system, Office and Internet Explorer software. Of total 14 vulnerabilities patched, four were rated critical - the highest severity rating.
Most notably, one of the bug fixes addresses a vulnerability that has existed for 19 years in all Windows versions from Windows 95 onward. It allows remote attacker to take over and control a target computer.
One of the fixed vulnerabilities (CVE-2014-6352) affects Windows Object Linking and Embedding and could allow remote code execution if the user visits a website infected with malicious code. If the user uses an administrator account, the attacker could gain access to the computer and install programs, change or delete data. At first, this flaw was patched in October but it didin't completely fix the vulnerability. Now Microsoft expects that attackers won't be able to exploit this bug in the future.
Another patched flaw affects the TCP/IP stack in Windows Server and could allow an attacker to execute code in the context of another running process which may have more system privileges.
Microsoft also patched the CVE-2014-6321, a remote code execution vulnerability in the Microsoft Secure Channel (Schannel) - Microsoft's software for implementing secure transfer of data. All versions of Windows were affected.
Read more -here-