Microsoft’s June Monthly Update Patches Vista, IE Vulnerabilities
Microsoft released its first Vista-only patch, along with five other security bulletins, in its monthly "Patch Tuesday" release on June 12, 2007, as published by SecureComputing on June 13, 2007.
Microsoft's Vista-only patch, MS07-034, addresses four serious flaws in Outlook Express, the e-mail client in Vista, said Amol Sarwate, manager of Qualys' vulnerabilities lab. The flaws could allow the execution of corrupt code downloaded from e-mail links, he said, as published by SecureComputing on June 13, 2007.
Don Leatham, director of solutions and strategy for Scottsdale, Ariz.-based Patchlink Corp., said the IE flaws covered in MS07-033 worry him most. Internet Explorer, as the most dominant browser, offers a lot of potential for exploitation of these vulnerabilities, as published by SearchSecurity on June 12, 2007.
According to Eric Schultz, chief security architect at Shavlik Technologies LLC in Roseville, Minn., the worst security holes are in MS07-031 and MS07-032.
With the MS07-031 issue, if someone visits a malicious site over SSL, the security mechanism itself could help to compromise the box. Users of Windows XP are at greatest risk here. Microsoft rates the Vista flaw in MS07-032 as "moderate", but the company may be misjudging the seriousness of the flaw, Schultz said. SearchSecurity published this on June 12, 2007.
Symantec Security Response called the flaws in the Cumulative Security Update for IE the most serious, because two of the five flaws in this security bulletin affect IE 7.0 running on the Vista operating system, as per the news published in InformationWeek on June 12, 2007.
Dave Marcus, security research manager at McAfee Avert Labs, commented that Microsoft's latest monthly patch release did not give enough importance to the risks of web surfing in the absence of protection. He said a number of the vulnerabilities that the patch addresses can be exploited simply by visiting a malicious website, a favorite technique of cyber criminals. InformationWeek published this on June 12, 2007.
In its previous monthly security release, for May 2007, Microsoft issued seven critical advisories that fixed 19 flaws affecting Windows, Office, and Internet Explorer.
» SPAMfighter News - 28-06-2007