Microsoft Releases Security Updates MS07-017 and MS07-008
Microsoft's Security Bulletin MS07-017 addresses seven vulnerabilities lying within GDI (Graphical Device Interface) that could let attackers execute remote code when an exploit is successful. However, the MS07-017 patch has a deficiency.
A new exploit code is circulating in the wild for over a week now in U.S. It tries to download an HTML code from a different server. In addition if users visit a certain website without installing MS07-017 it can compromise their PCs.
The exploit hid inside an HTML code on the home page of ASUStek's Web site, according to Roger Thompson, CTO at Exploit Prevention Labs Inc. Computerworld published this on April 6, 2007.
A researcher at Kaspersky Lab posted in the company's Viruslist.com site in which he confirmed the various reports saying that Asus.com was being compromised. News published this on April 6, 2007.
Microsoft has said it is most essential to deploy MS07-017 to patch the .ANI file format that is a critical vulnerability in Windows animated cursors and icons. Still according to reports from some users, the installation of the update led to a trade-off. So Microsoft has provided details about the issue in a Knowledge Base publication.
It said that on logging to a computer running Microsoft Windows XP with Service Pack 2 the Realtek HD Audio Control Panel might not operate. Moreover an error message may appear.
The message talks about relocation of the system DLL User32.dll in memory. The relocation could occur because the DLL C:WindowsSystem32Hhctrl.ocx filled up the address range meant for Windows system DLLs. Therefore the supplying vendor for DLL should be asked for a fresh DLL.
The problem associates with the Realtek HD Audio Control Panel (Rthdcpl.exe) and takes place after installing the MS07-017 and MS07-008 security updates. Microsoft explains that both these security updates include the Hhctrl.ocx and the User32.dll that present base addresses conflicting with each other.
In this scenario Microsoft has provided downloadable update for Windows XP. Installing this update would resolve the problem involving the unsuccessful start of Realtek HD Audio Control Panel as a result of deploying MS07-017 and MS07-008. News.softpedia published this, April 6 2007.
Related article: Microsoft Patches Live OneCare to Tackle Quarantined E-Mails
» SPAMfighter News - 4/16/2007
We are happy to see you are reading our IT Security News.
We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!