Microsoft fixes 14 flaws in biggest patch day since February

In the biggest one-day security update since February, Microsoft Corp. Tuesday issued nine bulletins that patched 14 vulnerabilities in Office, Internet Explorer (IE), and every edition of Windows. Eight of the fixes were pegged as critical, the company’s highest risk rating.

Faced with an overload of vulnerabilities — including some in components that Microsoft has patched in the past — researchers squabbled over which should get priority.

“I think six of these are equally important,” said Andrew Storms director of security operations at nCircle Network Security Inc.

“The GDI vulnerability is the most critical,” said Amol Sarwate, the manager of Qualys’ vulnerability research lab.

“MS07-042 affects everything,” said Don Leatham, the director of solutions and strategies at PatchLink Corp.

The only update that all three agreed should be moved to the top of the list was the one that patched a bug in Windows Graphics Rendering Engine (GDI). According to Microsoft’s MS07-046 advisory, the GDI bug not only affects Windows 2000, XP and 2003 Server, but a successful attack could give the hacker complete control of the PC.

“This affects a core Windows subsystem, and all versions except for Windows Vista,” said Sarwate. “Unlike most other vulnerabilities, this one doesn’t need an application, like Internet Explorer; all that’s needed is a [malformed] image file. The only good news here is that this does not affect Vista.”

As usual, Microsoft’s monthly updates have been posted to Microsoft Update and Windows Update services, and can also be retrieved through Windows Server Update Services (WSUS). The necessary files can also be downloaded directly from Microsoft’s Web site.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Related Tech News

CDN in your inbox

CDN delivers a critical analysis of the competitive landscape detailing both the challenges and opportunities facing solution providers. CDN's email newsletter details the most important news and commentary from the channel.