[ISN] Microsoft Plans Six Security Updates, Two For Windows Vista

From: InfoSec News <alerts_at_infosecnews.org>
Date: Fri 08 Jun 2007 - 09:06:02 CDT
http://www.informationweek.com/news/showArticle.jhtml?articleID=199902337

By Sharon Gaudin
InformationWeek
June 7, 2007

Gearing up for next week's Patch Tuesday release, Microsoft announced on 
Thursday that it's preparing six security updates -- four of them for 
critical bugs.

One security update actually can patch multiple vulnerabilities, so it's 
unclear at this point how many flaws next week's releases will fix. 
Microsoft, though, did announce in its Security Bulletin Advance 
Notification that each of the four critical updates will affect Windows 
software, while only one affects Internet Explorer. Another one will 
address issues in Outlook Express, as well as Windows Mail.

One critical vulnerability affects Windows Mail in Windows Vista and 
Windows Vista x64 edition. There is another patch for Windows Vista that's 
rated "moderate".

All of the critical bugs being fixed enable remote code execution, 
meaning that a remote hacker could take over an infected system.

The one security bulletin that received Microsoft's second-highest 
threat rating of "important" affects the Office application suite, as 
well as Microsoft Visio, which is diagramming software. The flaw being 
fixed also enables remote code execution. It's not yet clear why this is 
not a critical flaw, as nearly all remote code execution vulnerabilities 
are rated that way.

The "moderate" security bulletin affects a bug in Windows that causes 
information disclosure.

Johannes Ullrich, CTO for the Internet Storm Center, a cooperative cyber 
threat-monitoring and alert system, said this seems like an average-size 
patch release for Microsoft -- slightly less than last month when 
Microsoft released seven bulletins in its monthly patch release. He is 
hoping, though, that several of the outstanding Internet Explorer flaws 
are fixed in the June 12 release.

"There are about six publicly known IE bugs out there," he added in an 
interview. "Typically, Microsoft issues patches that fix multiple bugs. 
Last month, four vulnerabilities were fixed with one IE patch. That 
would be good."

Ullrich also is hoping that Microsoft patches several outstanding Office 
vulnerabilities. "It's definitely one of the issues that keeps bugging 
users," he said. "We haven't seen any of them widely used yet. They're 
being used in smaller, targeted attacks."
Received on Fri Jun 8 09:06:03 2007