TechWeb

Microsoft Pulls Security Fix

Apr 23, 2010 (07:04 AM EDT)

Read the Original Article at http://www.informationweek.com/news/showArticle.jhtml?articleID=224600279


Microsoft has pulled a Windows 2000 Server security patch released last week to fix a flaw in Windows Media Services.

Microsoft dropped the patch after discovering it didn't correct the vulnerability that would allow someone to plant malicious code in a Windows 2000 system running Media Services, which is not part of the default configuration of the OS.

"Today we pulled the update because we found it does not address the underlying issue effectively," Jerry Bryant, group manager for Microsoft security communications, said Wednesday in the company's blog.

Microsoft was not aware of any attacks trying to exploit the flaw, and expected to release an update of the update next week. In the meantime, Microsoft advised customers using Media Services to "evaluate and use firewall best practices" to limit exposure to attack.

Microsoft products have traditionally been the top targets for cybercriminals. However, security vendor McAfee predicted in its 2010 Threat Predictions reportAdobe Reader and Flash would surpass Microsoft Office applications as the top target for cyber-criminals.

That's because of the ubiquity of Adobe products in the computers of people and companies. Security experts have warned of the potential security risk posed by Flash for some time. In November, Foreground Security identified a flaw in the way Web browsers handle Flash files that could be used to compromise Web sites that have users submit content.

Beyond Adobe, cybercriminals are also expected to step up efforts this year to crack social networking sites, as well as third-party applications in general. Internet users can expect crooks to use more complex Trojans and botnets to build and execute attacks and to take advantage of HTML 5 to create threats. HTML 5 is the next major revision of hypertext markup language, the core markup language of the Web.