Virus.Org  IT Security News and Information Portal. We offer the latest IT security news, updates, product reviews, books, and articles for all you IT security professionals out there. Enter and get the best IT security information on the Internet.

 

Patch Tuesday Cometh Again
Written by Editor   
Tuesday, 09 October 2007

So it is that time of the month again and Microsoft have something in store for system administrators again. This month they have four critical vulnerabilities and two important vulnerabilities.

First, we have a vulnerability within the Kodak Image Viewer (formerly the Wang Image Viewer), a component of Windows, that can allow remote code execution. The vulnerability results from how the viewer handles specially crafted image files. This issue is detailed in MS07-055 and affects Windows 2000, and potentially Windows XP and Windows 2003 if they had been upgraded from Windows 2000.

Next we have a vulnerability within Outlook Express and Windows Mail. The issue relates to the handling of a specially crafted NNTP server response, which would then allow the attacker to execute arbitrary code. The issue is detailed within MS07-056 and affects all versions of Windows 2000, Windows XP, Windows 2003 and ‘super secure’ Windows Vista. It is also an issue for both 64-bit and 32-bit versions of the listed Windows platforms.

Next we have MS07-057, which covers an update for Internet Explorer. This update covers four vulnerabilities that could all allow remote code execution if a user is tricked into viewing a specially crafted web page. The first of the issues is detailed in CVE-2007-3892 and is an address bar spoofing vulnerability in Internet Explorer. The issue enables an attacker to display spoofed content in a browser window under certain conditions. It could be used by an attacker to trick a user into trusting a fake site, such as one used in a phishing attack. Next is a script error handling overflow that could be used for remote code execution; an attacker could use it within a specially crafted web page to execute code on the victim system. This issue is detailed in CVE-2007-3893. Finally, there are another two address bar spoofing vulnerabilities, listed in CVE-2007-1091 and CVE-2007-3826.

The last of the critical vulnerabilities is MS07-060, which relates to a remotely exploitable vulnerability within Microsoft Word. The issue affects Word 2000, Word 2002 and Word 2004 for Mac. Word 2003 SP2 and Word 2007 are not affected by the issue. The issue is related to handling a specially crafted Word document, and this vulnerability has been identified as being actively exploited in the wild.

The final two vulnerabilities in this month's patch release are rated important. First is MS07-058, a Denial of Service vulnerability within the RPC service in all versions of Windows. Then we have MS07-059, which addresses a vulnerability within Microsoft SharePoint Services. This particular issue is a script injection vulnerability that arises because the software fails to sanitize URLs properly.

As usual we recommend that you start those patching engines and get your systems updated as soon as humanly possible.
 
Copyright © Virus.Org 1997-2008
All Trademarks Acknowledged.