Microsoft summed up the year with 11 vulnerabilities
On December 11, Microsoft released seven security patches for 11 vulnerabilities in Windows, Internet Explorer, Windows Media Player and some other components of the operating system. Microsoft confirmed that two of the vulnerabilities could allow attackers to exploit the computer system.
Three of the 7 updates fix vulnerabilities rated 'critical' (the highest level), while the remaining 4 patches are rated at the second level of the company's four-level rating system.
The 3 'serious' patches - MS07-064, MS07-068 and MS07-069 - cover 7 different vulnerabilities in DirectX, the Windows Media Format runtime (in Windows Media Player) and Internet Explorer, and should be applied right away. Andrew Storms, director of security operations at nCircle Inc, said: 'Security holes are the worst. All of those 3 fatal flaws are related to multimedia content. Obviously, an attacker can send malware and organize remote attacks.'
The patch rated as addressing the most serious vulnerabilities is MS07-069. It patches four vulnerabilities in IE6 and IE7, which put the computer at high risk of being exploited.
Six of the seven vulnerabilities affect Windows Vista, the operating system Microsoft said was the most secure.
MS07-064 addresses a pair of errors in the way DirectX processes video file formats; attackers can exploit this vulnerability by tricking users into viewing a media file they have crafted.
This is very important because many applications - including Windows' own applications - use DirectX to present rich content. File formats like .avi, .wav and SAMI are widely used on most websites. Ordinary users routinely open these formats, which gives an attacker a chance to attack the computer.
MS07-068 is similar in content to MS07-064: it also involves a file format parsing vulnerability, this time in the Windows Media Format runtime, a part of Windows Media Player and a component Windows uses to display the contents of .asf files.
MS07-069 patches four vulnerabilities in IE6 / IE7 on Windows 2000, XP and Vista. Three of the four vulnerabilities affect the browser's memory consumption when IE loads dynamic HTML (DHTML) pages. According to Microsoft, exploits will make the DHTML vulnerability a 'zero-day' error.
The second zero-day error is patched by MS07-067, which provides an update to the Macrovision driver. Although Macrovision provided an alternative driver for Windows XP and Server 2003 a week ago, Microsoft released its patch for this driver in December because the update required more time to prepare and test.
This month's release also includes two updates - MS07-063 and MS07-066 - that apply only to Windows Vista. Both updates are aimed at critical errors, and even Microsoft acknowledges that this error can be exploited to execute remote code.
The 7 patches can be downloaded and installed via the Microsoft Update and Windows Update services, or via Windows Server Update Services (WSUS).