Main Menu

Login



Support Virus.Org

Help support Virus.Org by donating.
Donating allows us to keep this site free and pay the running costs of all our services.
June Microsoft Patch Day PDF Print E-mail
Written by Editor   
Tuesday, 12 June 2007 21:19

Today is the day every admin hates, it’s the day that Microsoft release their monthly Security updates. This month we have a total of six patches, which cover a total of fifteen separate issues. 

Four of the updates are rated critical, one rated important and the final one rated moderate. MS07-030 covers two remote code execution vulnerabilities in Microsoft Visio; this update is rated as important and covers Visio 2002 and Visio 2003. The first issue is as result of a problem handling packed objects within maliciously crafted .VSS, .VSD and .VST files. The second of the two issues is a again is as a result of a problem handling version numbers embedded in .VSS files.

Next up is MS07-031; this update covers a problem within the Windows Secure Channel (Schannel) Security Package. The vulnerability arises as a result of the way Schannel on a client machine validates any server sent digital signatures. An attacker could exploit this issue using specially crafted responses during the SSL handshake procedure. This issue affects Windows 2000 SP4, Windows XP SP2 and Windows 2003 and is rated critical by Microsoft.

Next we have MS07-032; this issue affects all versions of Microsoft Windows Vista and is an information disclosure vulnerability that allows a local user to gain access to arbitrary information including administrative passwords contained within the Windows registry and the local file system. The issue is rated as moderate by Microsoft as the issue can only be attempted by authenticated users.

MS07-033 is a cumulative update for Internet Explorer, this update is to address six vulnerabilities with Internet Explorer. The rating for this update is critical; this update applies to Internet Explorer 5.xx, Internet Explorer 6 and Internet Explorer 7. This update covers the following issues in Internet Explorer:
COM Object Instantiation Memory Corruption Vulnerability – CVE-2007-0218
CSS Tag Memory Corruption Vulnerability – CVE-2007-1750
Language Pack Installation Vulnerability – CVE-2007-3027
Uninitialized Memory Corruption Vulnerability – CVE-2007-1751
Navigation Cancel Page Spoofing Vulnerability – CVE-2007-1752
Speech Control Memory Corruption Vulnerability – CVE-2007-2222


MS07-034 is another cumulative update for Outlook Express and Windows Mail, this update addresses four issues. The rating for this update is critical and affects Outlook Express 6 and Windows Mail, which available in all versions of Windows. This update covers the following issues:

URL Redirect Cross Domain Information Disclosure Vulnerability – CVE-2006-2111
Windows Mail UNC Navigation Request Remote Code Execution Vulnerability – CVE-2007-1658
URL Parsing Cross Domain Information Disclosure Vulnerability – CVE-2007-2225
Content Disposition Parsing Cross Domain Information Disclosure Vulnerability – CVE-2007-2227
The final update of the day is MS07-035; this update resolves a remote code execution vulnerability in the Win32 API. This vulnerability is a result of the way API validates the parameters passed to it. The issue affects  Windows 2000, Windows XP SP2, Windows XP x64, Windows 2003 SP1 & SP2 and 64-bit versions of Windows 2003. Windows Vista is not affected by this vulnerability.

As usual for this time of the month, buy your sysadmins some beer and keep them happy while they push out all the patches to your systems to keep you secure.

Add this page to your favorite Social Bookmarking websites
Digg! Reddit! Del.icio.us! Google! Live! Facebook! Technorati! StumbleUpon! Yahoo!
Last Updated ( Wednesday, 13 June 2007 14:35 )