Printed from www.pcpro.co.uk
Critical patches form Microsoft's June security update
Posted on 13 Jun 2007 at 11:21
Microsoft has released a series of critical patches that prevent malicious code hijacking Windows and Internet Explorer. There are six security bulletins in total this month, with four being rated critical.
The first critical update (MS07-031) involves the Windows implementation of the SSL (Secure Sockets Layer) and TLS (Transport Layer Security) Internet authentication protocols. It resolves a privately reported vulnerability in the Secure Channel (Schannel) security package in Windows. In the worst case, the vulnerability could allow the remote execution of code, and it is believed it could form the basis of denial-of-service attacks.
The second critical fix is a cumulative update (MS07-033) for Internet Explorer (all supported versions). Again, all five vulnerabilities could allow remote code execution if a user visited a specially crafted web page. According to Microsoft, this update modifies IE's handling of calls, error conditions, and special features, such as Language Pack Installation and Speech Control.
Outlook Express and Windows Mail are affected by bulletin MS07-034 - a specially crafted email could exploit a critical vulnerability in Windows Vista, again allowing remote code execution. In response, Microsoft has updated the MHTML protocol handler in Windows so that it handles URLs more securely when redirections are involved. For Windows XP, however, the vulnerability is only rated as Important or Moderate. Check the bulletin for exact details of the affected Windows XP software.
Finally, the last critical security update (MS07-035) resolves a privately reported vulnerability in a Win32 API function. As well as remote execution of code this vulnerability allows elevation of user privilege. Internet Explorer is among the apps that use this particular function and is vulnerable to attack through a suitably crafted Web page.
You can read the full details of the latest monthly update here.
Author: Alun Williams
advertisement
- Why Britain's watchdogs have fewer teeth than goldfish
- Tabbed documents: how to make Office 2010 great
- Outlook 2010 People Pane – does it spell death to Xobni
- Microsoft Outlook 2010 screenshots
- Co-Authoring in Word 2010 and SharePoint Foundation 2010
- Microsoft Outlook 2010 screenshots: Backstage view
- Flash 10.1: Developing for Desktop and Device
- Microsoft Office 2010 screenshots: Recover unsaved items
- Microsoft Word 2010 screenshots: Text Effects
- Microsoft Word 2010: inserting screenshots
- Avira Premium Security Suite 9
- ZoneAlarm Internet Security Suite
- Webroot Internet Security Essentials
- Trend Micro Internet Security
- PC Tools Internet Security 2009
- Panda Internet Security 2009
- Norton Internet Security 2009
- Kaspersky Internet Security 2009
- F-Secure Internet Security 2009
- Eset Smart Security
- BitDefender Total Security 2009
advertisement
