NOW READ THIS
("Security Advisory")

Go Back

---

Submitted by: Bill Hickey
NCVA List Master

NRT-0042 MS Issues 12 Security Fixes:

Microsoft Offers Fix for 20 Flaws, Entire Security Lineup At Risk. Microsoft unveiled a dozen security updates that patch 20 vulnerabilities on 13FEB's Patch Tuesday. One of the flaws is in every security product of the company's consumer and enterprise lines, including software either bundled with or able to run on the new Windows VISTA operating system. More than half of the 20 patches - 11 total - were labeled "critical" the highest rating in Microsoft's four-step threat-scoring system.

Among the updates are several that tackle long-standing problems in numerous editions of Microsoft Office, including six patches for WORD and one each for POWERPOINT and EXCEL.

The update deemed by analysis to be the most important is MS07-010, which patches a critical bug in the malware scanning engine used by Windows OneCare, Windows Defender, and the Forefront Security and Antigen products. A hacker could leverage the flaw to hijack a supposedly protected PC, because the scanning engine improperly parses PDF files, Microsoft said.

Attackers could feed malformed PDF files to PCs via email, for instance, and gain control of the machines without any interaction from users. However, Microsoft said attackers have not used the scanning engine bug yet.

(http://www.computerworld.com 13FEB07)

Last Modified: Saturday, 17-Feb-2007 07:43:11 EST