4 out of 5 critical issues fixed on Patch Tuesday

Posted by Virus Bulletin on Oct 10, 2007

Expected patch omitted from monthly security update.

Microsoft has announced the contents of its monthly 'Patch Tuesday' security update release, with four 'Critical' and two 'Important' fixes pushed out to users of its operating systems and software. A fifth issue, labelled 'Critical' in the advance notification released last week, remains open as the expected patch has been held back to resolve issues discovered during final testing.

The critical patches cover single vulnerabilities in Word, Outlook Express/Windows Mail and Kodak Image Viewer, as well as four separate problems found in Internet Explorer, one of which had been publicly disclosed as long ago as February. All could allow an attacker to execute code remotely on vulnerable systems. The less crucial fixes are for a possible denial-of-service vulnerability in the RPC system and a privilege escalation issue in SharePoint.

Little detail has been released regarding the missing patch, except that it was withdrawn following a 'quality control issue'. It seems likely that it will be kept back until next month's Patch Tuesday. Of the vulnerabilities that have been fixed, at least two, the flaws in Word and SharePoint, have had exploits made public or used in targeted attacks, according to SANS.

The full security bulletin detailing all the patches is here, with a Microsoft Security Response Center blog entry describing the changes to the scheduled release here.




