Microsoft readies seven patches for Tuesday
Print storyThree are critical
Posted in Security, 6th December 2007 23:55 GMT
Free whitepaper – Securing your Microsoft Internet Information Services (MS IIS) web server
Microsoft plans to issue seven security patches next Tuesday, three of which are rated "critical" because they could allow an attacker to remotely execute malicious code on an end user's machine.
Two of the critical updates plug holes in the entire line of supported Windows operating system versions. The patches address components including DirectX, DirectShow and Windows Media Format Runtime. The third critical fix is for versions 6 and 7 of the Internet Explorer browser.
In all, five updates fix vulnerabilities in Vista, which was designed from scratch to be Microsoft's most secure OS.
The details were made available through Microsoft's Security Bulletin Advance Notification, which is released five days prior to Microsoft's regularly scheduled patch release, which occurs on the second Tuesday of every month.
Four patches carry a maximum rating of "important". They address security flaws in a wide range of Windows versions, including Vista.
Microsoft released only limited details of the vulnerabilities. It's a safe bet that one of the patches will include a fix for a flaw in the SafeDisc copy protection software from Macrovision, which comes bundled with Windows XP and 2003 and was <a href="a flaw in the SafeDisc copy protection software from Macrovision that comes bundled with Windows XP and 2003 and was missing in action from last month's Patch Tuesday.
It's possible another fix will involve a vulnerability in a Windows feature known as Web Proxy Autodiscovery (WPAD), which helps IT administrators automate the configuration of proxy settings. Reports of the bug first surfaced 10 days ago, and on Monday Microsoft confirmed it was investigating them.
Several of the updates will require a reboot. ®
Free whitepaper – Securing your Microsoft Internet Information Services (MS IIS) web server
Airport insecurity: the case of lost laptops
Jump start your Application Security initiatives
Reducing messaging and web security costs with managed services
Avoiding 7 common mistakes of IT security compliance
Extended Validation SSL Certificates
Feds: Hospital hacker's 'massive' DDoS averted
Buggy 'smart meters' open door to power-grid botnet
Microsoft knew of nasty IE bug a year before attacks
BlockMaster SafeStick hardware-encrypted USB drive