[gui-talk] Article: Microsoft to Issue 7 Security Patches

[Steve Pattison]

This article is taken from the Beta News home page at 
www.betanews.com.  -Steve.

Microsoft to Issue 7 Security Patches

By Nate Mook,
BetaNews
July 6, 2006, 2:30 PM

Microsoft plans to release 7 security bulletins as part of its July 
11 Patch Tuesday,
the company said Thursday. Four of the updates are for Windows, with 
the most severe
being rated as "critical." Three other patches are directed at 
Office, also with
a maximum severity of "critical."

Although Microsoft does not disclose in advance what flaws are to be patched,
two vulnerabilities in Excel are likely to be among the fixes. One 
issue relates to maliciously crafted spreadsheet files that could 
lead to a full system compromise, while the other relates to hyperlinks
in Excel documents.

Two security flaws affecting Internet Explorer
were also reported last week, including a cross-site scripting issue 
where an attacker
could view information in an open browser window from another that is 
visiting a
malicious site.

A second more serious flaw involves how HTA applications are handled. 
A user could
be tricked into opening a malicious file, which in turn could execute 
code. The file
would need to be accessed through SMB or WebDAV in order for the 
issue to be exploited.

Microsoft said last week that it was investigating the issues, but 
it's not clear if the company has had time to develop and properly test a fix.

Along with the 7 security patches, Microsoft will release one 
high-priority non-security
update that is not for Windows. Per usual, the Redmond company will 
also deliver
an update to its Malicious Software Removal Tool on Tuesday.


Regards Steve
Email:  srp at internode.on.net
Skype:  steve1963
MSN Messenger:  internetuser383 at hotmail.com