Microsoft issues four critical patches including one for Vista

Vista patch indicates older, vulnerable OS code is being reused in Vista, security expert says.
By John Fontana, NetworkWorld.com, 04/10/2007

Microsoft on Tuesday released five patches, four of them rated critical, as part of its monthly security update cycle. One of the patches affects Windows Vista.

The four patches rated as critical, Microsoft’s highest rating, involve the Windows operating system and Microsoft Content Management Server (CMS). They are: MS07-018, MS07-019, MS07-020 and MS07-021.

The fifth patch, MS07-022, is rated important and addresses a vulnerability in Windows.

Some experts say it is patch MS07-021 that is the most significant because it is the only one that affects 32- and 64-bit Vista, Microsoft’s newest operating system.

“We think 21 is critical because it is an indication that older vulnerable OS code is being reused in Vista,” says Amol Sarwate, manager of vulnerability research for security vendor Qualys. “It definitely opens doors for attackers to try attacks that were used on older [Windows] code.”

Sarwate says MS07-021 also raises concern because it contains a Web-based attack scenario that could download malicious code and take over the PC of a user who opens a malicious Web site with their browser. Sarwate also says MS07-021 is a zero-day attack that was first reported in December last year.

He says that Qualys has not detected any exploit code in the wild such as seen with the .ani vulnerability for which Microsoft issued an emergency patch last week.

Also of concern, Sarwate says, are patches MS07-018 for CMS and MS07-019 for Windows, which address server-side vulnerabilities that can be exploited without any action by an end user. When servers running CMS or Windows have certain services enabled, an attacker can send an HTTP GET request with a malformed URL and take over the machine, according to Sarwate.

MS07-021 also affects Windows 2000 Service Pack 4; XP Service Pack 2; XP Professional x64 Edition and x64 Edition SP2; Windows Server 2003, Windows Server 2003 SP1 and Windows Server 2003 SP2; Windows Server 2003 for Itanium-based Systems, Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems; and Windows Server 2003 x64 Edition and x64 Edition SP2.

More information on the other patches and the affected systems can be found here.

In addition to the patches, Microsoft released the monthly installment of its malicious software removal tool. This month’s update removes Win32/Funner and can be downloaded here.
