NOW READ THIS
("Security Advisory")



Submitted by: Bill Hickey
NCVA List Master

NRT-0286 Microsoft Addresses 14 Flaws:


In its most extensive one-day security update since February, Microsoft issued nine bulletins on 14 August that offered patches for 14 vulnerabilities in Office, Internet Explorer, and every edition of Windows. Eight of the fixes were labeled 'critical,' the company's highest risk rating. Most researchers agreed that the highest priority update was the one that patched a bug in the Windows Graphics Rendering Engine (GDI). According to Microsoft's MS07-046 advisory, a successful attack using the GDI bug, which affects Windows 2000, XP, and 2003 Server, could give the hacker complete control of the PC.

"This affects a core Windows subsystem, and all versions except for Windows Vista," said one researcher. "Unlike most other vulnerabilities, this one doesn't need an application, like Internet Explorer; all that's needed is a [malformed] image file. The only good news here is that this does not affect Vista."

Microsoft also patched flaws in Excel, Windows Media Player, the Windows Vector Markup Language (VML), and three of the Microsoft-made gadgets bundled with Vista. Another researcher noted there were several "repeat offenders," meaning new patches that Microsoft has had to lay atop code or components patched one or more times before. These include the patches for Excel, GDI, VML, and XML Core Services.

(www.computerworld.com 14AUG07)



Last Modified: Saturday, 08-Sep-2007 07:37:17 EDT