[gui-talk] Article: Microsoft Remedies 14 Flaws in Nine Patches

Steve Pattison srp at internode.on.net
Tue Aug 14 20:49:38 CDT 2007


These patches are now available on Windows Update.  -Steve.

Microsoft Remedies 14 Flaws in Nine Patches
By Ed Oswald, BetaNews
August 14, 2007, 4:23 PM

Microsoft fixed a total of 14 flaws across 9 patches on Tuesday, with 
six of those patches reaching critical status. While the number of 
patches is far from the Redmond company's record, this month could 
prove difficult for administrators.

"This month's Patch Tuesday has headache written all over it," 
PatchLink's Paul Zimski commented. "Although this is not Microsoft's 
biggest Patch Tuesday in terms of number of patches, the details of 
the patches indicate a broad spectrum of exposure."

Of the critical patches, all deal with remote code execution issues. 
The first patch fixes issues within the XML Core Services of Windows, 
while another corrects a memory corruption issue within the Object 
Linking and Embedding function in Windows, Visual Basic, and Office for Mac.

A third critical patch fixes a workspace memory corruption flaw 
within Excel, and issues in how the Graphics Rendering Engine 
handles specially crafted images have also been remedied.

Two critical patches for Internet Explorer were also released; one 
that fixes a buffer overrun vulnerability within Vector Markup 
Language, as well as a cumulative patch that contains three separate 
fixes for two ActiveX Object problems and a CSS memory corruption issue.

Three important patches are available as well: two for remote code 
execution issues and one that involves elevation of privilege. In 
addition, a fix for Windows Media Player repairs two separate issues 
with the parsing and decompressing of skins used to change the look 
of the player.

Also fixed was an issue within Windows Vista concerning the "gadgets" 
feature. Microsoft says that malicious files could open the operating 
system up to remote code execution.  Finally, a flaw in Virtual PC 
and Virtual Server that could result in elevation of privilege was 
also remedied.

"Organizations need to remediate these vulnerabilities as quickly as 
possible to avoid falling victim to quick turnaround exploits," Zimski said.


Regards Steve
Email:  srp at internode.on.net
Skype:  steve1963
MSN Messenger:  internetuser383 at hotmail.com 

