Microsoft’s September Security Bulletins Contain Patches for Critical Windows Flaw
A critical flaw in Microsoft Windows could be used for remote code execution, Microsoft reported in its advance notification.
Microsoft will release the patches in five security bulletins as part of its September 2007 monthly update. It has rated the Windows update as critical, and installing it will require a system restart.
The software giant will also release four "important" patches. Two of them repair bugs that would allow remote code execution in Visual Studio, Windows Live Messenger and MSN Messenger. Visual Studio is a software developers' tool for creating programs and websites on Microsoft's .NET framework.
The other updates affect, first, Microsoft Windows Services for Unix and the subsystem for Unix-based programs; then Microsoft Windows Live Messenger and MSN Messenger, Microsoft SharePoint Server, and Microsoft Windows. All of these updates are rated "important", and none requires a system restart, Microsoft said.
In the last week of August 2007, Danish vulnerability clearinghouse Secunia announced the MSN Messenger security flaw after discovering it. The flaw is in the way Messenger handles video communications; exploiting it causes a stack-based buffer overflow. A successful attack relies on the victim accepting a webcam invitation, Secunia said.
Microsoft also plans to issue an update for its Windows Malicious Software Removal Tool, in accordance with its monthly practice. There will also be a high-priority, non-security update to Microsoft Update, but none for Windows Update.
Microsoft has not provided complete details of its new updates, which makes it difficult to know exactly which vulnerabilities they will patch.
The company has established a practice of releasing its security updates only on the second Tuesday of every month, at around 7pm UK time. With the latest cycle of patches, there will be 55 updates from Microsoft in 2007. Last year, too, Microsoft had released 55 patches by September.
In August 2007, Microsoft repaired 14 security loopholes by developing 8 client-side patches. Six of them plugged critical holes, including one in the XML Core Services program that, if exploited, can allow remote code execution.
» SPAMfighter News - 20-09-2007