Critical patches form Microsoft's June security update
By Alun Williams
Posted on 13 Jun 2007 at 11:21
Microsoft has released a series of critical patches that prevent malicious code hijacking Windows and Internet Explorer. There are six security bulletins in total this month, with four being rated critical.
The first critical update (MS07-031) involves the Windows implementation of the SSL (Secure Sockets Layer) and TLS (Transport Layer Security) Internet authentication protocols. It resolves a privately reported vulnerability in the Secure Channel (Schannel) security package in Windows. In the worst case, the vulnerability could allow the remote execution of code, and it is believed it could form the basis of denial-of-service attacks.
The second critical fix is a cumulative update (MS07-033) for Internet Explorer (all supported versions). Again, all five vulnerabilities could allow remote code execution if a user visited a specially crafted web page. According to Microsoft, this update modifies IE's handling of calls, error conditions, and special features, such as Language Pack Installation and Speech Control.
Outlook Express and Windows Mail are affected by bulletin MS07-034 - a specially crafted email could exploit a critical vulnerability in Windows Vista, again allowing remote code execution. In response, Microsoft has updated the MHTML protocol handler in Windows so that it handles URLs more securely when redirections are involved. For Windows XP, however, the vulnerability is only rated as Important or Moderate. Check the bulletin for exact details of the affected Windows XP software.
Finally, the last critical security update (MS07-035) resolves a privately reported vulnerability in a Win32 API function. As well as remote execution of code this vulnerability allows elevation of user privilege. Internet Explorer is among the apps that use this particular function and is vulnerable to attack through a suitably crafted Web page.
You can read the full details of the latest monthly update here.
From around the web
advertisement
- Chrome's shine getting lost in translation
- BytePac: the cardboard hard disk enclosure
- How tech loosens our grip on reality
- Hokum watch: Safer Internet Day
- Why I'm deleting Adobe from my PC
- Prepare to be patronised: it's Safer Internet Day
- Dear Sony, Samsung and every other tech company in the world: stop trying to be Apple
- Will Apple's Final Cut Pro X update placate the pros?
- Smartr Contacts for iPhone review
- Switching to Office 365's Outlook Web App
- Paying for your crimes with Bitcoin
- Pavement hacking: What it is and how to avoid it
- Google's risky pre-loaded pages
- Mac under attack: how secure is Apple's OS?
- Has your browser been hijacked?
- Can you send a truly anonymous email?
- Is it safe to send bank details over email?
- Sainsbury's Bank bans password storage
- MobileMe triggers credit card blocks
- How to stay safe against session hijacking
advertisement
Printed from www.pcpro.co.uk