Microsoft Releases Another Multiple Batch of Patches for 2007
Microsoft patched several gadgets of Windows Vista on August 14, 2007. This is the first time the software giant has fixed small applications. One researcher has described the date as "arrival of the next-generation of vulnerabilities".
The patches repair fourteen vulnerabilities. Microsoft has rated eight bugs as critical, four as important, and two as moderate. The updates fix security holes in Windows Gadgets, Windows Media Player, Windows Excel, Office, Internet Explorer, Virtual Server, Virtual PC, and Visual Basic.
A number of the vulnerabilities that Microsoft's fixes address can be exploited by a simple visit to a malware-hosting Website on Windows browser, said Dave Marcus, security research and communications manager at McAfee Avert Labs. Information Week published Marcus' statement on August 14, 2007. Microsoft's updates highlight malware creators' trend to seek the Web browser as an attack vector and therefore strengthen the need to follow safe browsing practices.
Microsoft distributed the patches through 9 security bulletins, each of which the company uses to cover one technology component or application.
One of the 9 bulletins issued on August 14, 2007 describes three bugs that could allow attackers to inject malicious code into a user's computer running Vista, said Microsoft. Three of the gadgets, the small desktop applications bundled in Vista, have flaws: the weather, RSS and contacts gadgets. The flaws in the weather and RSS gadgets pose a particular risk because both gadgets are active by default during a normal Vista OS installation.
The Excel version of Windows is also flawed, according to the software developer. Microsoft rated it as "critical" for Office 2000, and "important" for Office 2003, Office 2004, and Office XP. An attacker who successfully exploits this vulnerability could remotely gain full control of the affected system, the company said in its advisory.
Office 2004 11.3.7, an 8.6MB patch, is available for download from Microsoft's Website. Users must first ensure that 11.3.6, the update released in July, is installed. Microsoft's other multiple batch of patches arrived in February 2007, when the company repaired 20 flaws with 12 updates.
» SPAMfighter News - 30-08-2007