Well today is the day all Windows boxes get Patch Management Syndrome or PMS, luckily with Valentines day so close maybe we’ll have some Flowers and Chocolates from those guys in Redmond. So on to business, we have Twelve patches today to address a raft of Security Vulnerabilities in Microsoft Products from Windows to OneCare with a brief stop over with some old favorites Office and Internet Explorer. 

The headlines are we have six critical patches and six important patches. First up on the critical vulnerabilities is MS07-008 , it addresses a remote code-execution vulnerability in Microsoft HTML Help ActiveX control.

The vulnerability occurs because the control fails to perform sufficient input-validation checks on parameters passed. The issue can be triggered when viewing a specially crafted web page containing the specific method from the HTML Help instantiated ActiveX Object.

Successful exploitation of this vulnerability allows an attacker to execute arbitrary code in the context of the user that is running the affected control.

Next we have MS07-009 which is to address a remote code-execution vulnerability in Microsoft Data Access Components (MDAC) ActiveX control.

Again the vulnerability occurs because of the way the software validates the request passed from the ADODB.Connection ActiveX control, which is part of ActiveX Data Objects (ADO) in MDAC. This issue can be triggered usinf Internet Explorer or Outlook when viewing a specially crafted HTML web page or email message.

This vulnerability affects the following versions of MDAC:

• Microsoft Data Access Components 2.5 SP3, 2.7 SP1, 2.8 and 2.8 SP1 on Windows 2000 SP4
• Microsoft Data Access Components 2.8 SP 1 on Windows XP SP 2
• Microsoft Data Access Components 2.8 on Windows Server 2003.

The next batter is MS07-010 , this patch is to address a critical code-execution flaw affecting the newly available Malware Protection Engine. This is used in the various new anti virus and spyware products from Microsoft. This vulnerability appears to be exploitable in both remote and client-side situations and affects Windows Vista.

Both MS07-014 and MS07-015 cover a total of eight vulnerabilities in Microsoft Office products. Five of these vulnerabilities have been previously identified and three are new. Pretty much every version of Office except the new Office 2007 is covered by these two sets of patches, including Office v. X for Mac and Works Suites 2004 and 2005.

Finally we have MS07-016 , this is a cumulative patch for Internet Explorer to address three critical vulnerabilities. One is a remotely exploitable issue that occurs in the handling of the FTP protocol. The other two are memory corruption vulnerabilities in COM Object Instantiation.

Of the Important rated patches we have the following headliners:

• MS07-005: Vulnerability in Step-by-Step Interactive Training Could Allow Remote Code Execution
• MS07-006: Vulnerability in Windows Shell Could Allow Elevation of Privilege
• MS07-007: Vulnerability in Windows Image Acquisition Service Could Allow Elevation of Privilege
• MS07-011: Vulnerability in Microsoft OLE Dialog Could Allow Remote Code Execution
• MS07-012: Vulnerability in Microsoft MFC Could Allow Remote Code Execution
• MS07-013: Vulnerability in Microsoft RichEdit Could Allow Remote Code Execution

As always at this time of the month we recommend that you make your way to Microsoft Update and get everything down patch wise to protect yourself from the nasties that will start to make their way into the wild in the next week or so.

Add this page to your favorite Social Bookmarking websites