Network Security & Hardware - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Microsoft Patches 20 Security Vulnerabilities



 By: Matt Hines
2007-02-13
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
Updated: The software giant matches its all-time high for monthly security fixes, issuing a dozen bulletins that aim to patch 20 holes in its products, including 11 critical issues in Windows, Office, IE and eve

Microsoft delivered its monthly batch of security updates on Feb. 13, delivering fixes for 20 individual problems in its products included in a dozen bulletins, six of which were dubbed as critical, the firms most severe vulnerability rating.

Among the security updates issued by Redmond, Wash.-based Microsoft was a cumulative bulletin for the companys Internet Explorer browser which seeks to address three issues all ranked as critical by the software maker.

Included in the IE bulletin were fixes for a pair of COM (component object model) instantiation memory corruption vulnerabilities, and a fix for an FTP server response parsing memory corruption issue. The issues are rated as critical in versions of the browser previous to its current IE 7 iteration in which they rank as only "important" or "low."

In another cumulative bulletin, Microsoft issued patches for six individual problems in its Word products, five of which were rated as critical in the Office 2000 iteration of the product. Included in the update were fixes for a malformed strong vulnerability, malformed data structure flaw, malformed object drawing glitch, malformed function problem and a Word count issue, all of which received the critical designation in the Word 2000 version of the program.

Resource Library:

An additional macro vulnerability and examples of the other five security problems present in later versions of Word were given the less severe ranking of important. However, all six of the Word vulnerabilities could lead to remote code execution by attackers if properly exploited, Microsoft stated.

In another Office-related bulletin, Microsoft distributed patches for two individual problems in the package, specifically detailing a malformed record memory corruption vulnerability in the products PowerPoint presentation application, along with a malformed record issue discovered in the Excel spread sheet program. Both issues were ranked as critical in the Microsoft Office 2000 version of the productivity suite, and only as important in later iterations of the platform.

Click here to read more about cyber-security.

Among the other critical security bulletins issues by Microsoft was a fix for a problem in its HTML Help ActiveX Control software which ranked as critical in its Windows 2000 SP4 and Windows XP SP2 programs, and charted as only "moderate" in its Windows Server 2003 and Windows Server 2003 SP1 products. If exploited, the problem could allow affected computers to be taken over remotely by hackers, the company said.

Microsoft also moved to fix a well-publicized vulnerability in the Data Access Components element of its ActiveX software rated as critical that exists in its Windows 2000 SP4 and Windows XP SP2 products. The problem is also present in the firms Windows Server 2003 package, but rated as only a moderate risk in that product.

Attempting to patch an embarrassing flaw in its own anti-virus software, Microsoft issued a patch for a critical problem in its Malware Protection Engine—which is an element of nearly all the companys security products, including its Windows Live OneCare, Antigen for Exchange 9.x, Antigen for SMTP Gateway 9x, Windows Defender, and Forefront Security packages.

Like the other flaws addressed by Microsoft, the security product issues could also allow for remote code execution of affected computers, the company said.

Included in the six bulletins ranked by Microsoft as only important were fixes for problems in the companys step-by-step interactive training program, with related vulnerabilities cited in the firms Windows 2000 SP2, Windows XP SP2 and Windows Server 2003 products.

Other important bulletins were shipped to address issues in the Windows shell technology, Windows image acquisition service and Windows OLE (object linking and embedding) dialog system. The company issued important patches for issues in its MFC (Microsoft Foundation Class) library technology in Windows, and its Visual Studio products, as well as to fix a problem in the RichEdit function of its Windows and Office programs.

Security researchers highlighted Microsofts move to shut down at least six product vulnerabilities that have been used in so-called zero-day attacks, or malware threats aimed at flaws previously unrecognized by the software maker.

"Today Microsoft patched six vulnerabilities that were previously used in recent targeted zero-day attacks," Dave Marcus, security research and communications manager with McAfees Avert Labs, said in a report.

"This continues the trend of malware authors targeting widely deployed Microsoft business applications and services. Malware authors continue to find unknown or unpatched vulnerabilities in popular applications and services which are then used in zero-day attacks, putting both business and consumer data at risk."

While Microsoft tied its record for its greatest number of security bulletins, having shipped another dozen of the updates in August 2006, the February 2007 release fell short of the companys record for the most individual patches, as some 23 individual issues were addressed in the August 06 shipment.

However, the February 2007 shipment does establish a high-water mark for critical patches released by the software vendor in one month as Microsoft addressed only 10 issues earmarked as critical in the August 06 batch of patches, while the February 07 release seeks to fix a total of 11 critical security problems.

Editors Note: This story was updated to include additional information from McAfee.

Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.



  Reader Comments: Microsoft Patches 20 Security Vulnerabilities
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Matt Hines
 


xv"90V䅻)m\Ŵm<*w9gR@̜6ջ_y'BR޸|_Um%$"BP(?J9wtô1f%٩c}:I,ޛ7o}LUQ!3W(2 E]0ezfHz|}@^cF"[Y| tjOt0.Ps< Z9ֳ9ԗoˍQ2 X - h3*֠O0-ZP8"PKE!@|2 [t9v *EN8S8սi/De)lG*F4w/il|V5~{ЀkoaV黖>?"N-G ,ȓ -CUl<vi!g23!g ݻHbPrNw!25ARZ@[4HeCc`wXS*PVfFԴ;g!u[gc]ױ}ǣ!&d -{`2rHf2Xp~?j11|u7O?LI܅N؎MYnհ}}S[uoǞ3#2I]Ԓ],p,U0wC'&>dСģzr$˺3hClC붦bU(J-_.JZ߉*{6{2كK޺RR5MQ `|]`-vu]kUu9Χ[yи} Vb;}"*@DETk$_'6tt<_MBn$>@FI/j;|#R-TմR 4f3}3-i*U$vw*?ZZu"ɇv ;lM,!\4V(^XFHwE%Ms%gkr>iu>;3(tfAZ|]mUV׏`Kk']ĻE[C9Ca#U*Ūf!1x9}jI>OHF,Noz۾Bdu!$s7{R(9#02i4(ߦA·[ QWtBVm҄ )B!aJ`ukf3'@̀kfgPXD`4R 9lbsvfyA̷\PEP샖_΢[2ꆢө$ɛ!"ˆG9xW,ʹe䁉1SUҽTws 9tipvZnՉ*YX^uefjZl-~4҂[sq}nUOnK/364>pX.B2iK1qJ۫ZTUݣUPPRUaG&-djˠqaeBݠ#}f9w͂i`HhӧY5LRÜMݶ!9N: N+/6Gͥ $ 47P}HG:QI$ p|gͅz9ԙ0鋥* Cb`N3ZTP"AЂNx>tTێ]6}l2w9;-,&w&z@rWt#X` V!PC' C}SȀ|` )QmN7-}`Z1 5fCJKm[r%FaA.G)+I&BD(jHB !Alq [$phxd+ ~Gy5}"!bXHj"['5XxB#;}X|(PύWb!b -xkb~I(l eZ&zOpfBd '"fPPW)hҚ̡ [9ܺL M؂ ȩ* C KX)A~n0 ǀx9u;Jh`p=XͰ b՜兏e5du)nNM6s8!B~`Y&4D 7q9IyR ouMV{XaOv!wn'6`F 2VS w$m˴o)Xۊv!7sݐC/2$\^&VAB1 :}>I!VF13OH sz@fehI*#75 ?y`OEҏa5=%nQ/0}ęRԽĠ3BZSMs\|(~6[֕[%3˺ڏbum"$lCs4 mg@y lPٖk+,:+}:K_jiHH*6@_1-# %#?ԉ0ZT:;6R>Wl(`V59JȄeU5,uVfn (Ő`@D}a&ʤë ;q\cOzuHn&zSE|y<=Zjbq'T4 ˀQ5qZ}Ä끄_ǂeK,|o2tj:|ꚺ9/m g}aGlJsws4ڌVpvGa!2fÑiHuߴIF̫EU-АRQɫjycl ؑq,Yri T*gXs1h}6[u{NBWMK- Ӟ#瀚:$f'ᠬcD8r꺟/) cG˿^vw3zm>]F>1 $CPǨʰm8Zzq$KD!(Mܧh&L3wSN䱯3 i0ҁq_HEy[kpp\U+L,:J1- [ Hg [^zoSC znAaQI:lx"BgOC{nc>TZea,z,R)WJ9Ɔ86˵Z.q}*xϸoFM]:1h_܉Qo>+>k냪̦;PC93㑏.SK #*# 4c`2$$VG 2cU)WF1 .KNjZ0=: jfNM6{ w "8&gS|<έA pe 7d٤/H[D {@nESU[}[[3]V OP:$l{H &`Q4E:Ji·%5-| I1H%kS3GŕR6Ю# >Lu*j%W֬}ZAc^rLjB&:Gd@#PaN?]Gw]7/3Od[̌9u2D8ZA1J,;E9Ȳ5(_c1LnuIt@ĨsyUM+&FeA3SYdpaR8c= [ 3PXfS~TP8 ,B1lۙ+f*r6?K][L4G@v1>3%[4OQh9 2?(ZUKB7X["+۝>,k0/$,3ՄqqS)*RT H+Utq͡/3O ny" ҧq_IPeȣ䖯)+i-TP*з 73pa/W*j6 BD*>"GwŏkoȧrVՋG~!W>U P/e$yVp8s1=e0VVhW`Ze&s\ %܃{3iPo)Q󩛗R5+[Y.)Ӕ7ϰ:3dRb k(^hCe[*s]= Si{ܜ׍>zIƝ RA 5`r\~ؓN\cĽ) RA-GdA|a+RWˠWԒ ePDBZNbxtxW !&6ǏWXO<sdK!Mo$DDOCVlg'A+6ǿӛ cCazUA-1AE6 Ocy* n3$ @$K{s>}8"ySu.{Y}p;nNkw.+o|hEqJ}kq 2 }]j_~;"]˯;/OE}M q߲oQR=H3 r!CcI1>`dKj/K׼mv: 72wDH4r:E}R|Is޹Wj}ْ:WΓ!5'R9!pUV:fSڎ6N#Z]=8i8t/=‴5)/s}ںĂ Ӝ$"J?N3$nX Jam0Gvjފ#~}Xs XPH?(Wi;0R{B*q^7?GW2sy^SF(+bK)"$DY |iu_f bt4zUt"wۿBWo!R!~_!c&8~ P֬=8̭rl%׸ziAebS`݅{[s3 FҴnX6(n1~xA\|j]iԎ(%T78^y;)~ڲ/܃Y(^H#˹? {v@Iu=JƛP'i&.s[GSf-ȔBJ4:<Q2ٞ$iYMzJ,bTcH(PPKzI3>evޞ,Hy=Yi@ybZӽK3BJdë ̑mI+4$/EiA0'p!,GBlb'%hw:Brc7`|xr'fx'xj}qUȇZr{hWNj,6GID95u<'2Qf -dzP+ [_YL.40{}]#ޓd=4W T1'mx9l} HKa8;q=<vcϑ{~\BzSwOɍ23Xs\Zp+¿|<,X g61veG5i^~}1L[e$H~$Z0;#|&~.?} j S>O4dwX/'N9V:E4bOf0CݥٿOd/Y){[ ?--8t砞R#K1$$ZN@"*s攤ˮdȔWN /Hƣb[@Ɍ7CKҁ[&-3!;Go 8`#٥qfjP {~=˸]f+ O} [,eEKW%r.r\5"n'x(Z\8|>ˋgUꀞ h0KY_{+&bi4W3[T>=l〩Z~D Rb7mc?}3r> AX38sH2q&cx2HB%wVp. v_!O!%JJMa-]Cfuk=ô§ ,'i_p8|+؊wfo_Onߖcs#o)#n2k.7/o-).ěPg=nB70xS/3o[[E+J86bԳ-Aot0a86#,ҜiռV.M&tşousp~r5+&05yЉbJr _:myG>uY W(UTh]tDd'IdH'%_:oL'&)]a~?2L Q!k%H,C{0ĝm] ϼ xL}4,lʐ2/K Oy`n_:iQ! X10aPH]]Eo40܂zr Ʊ &.0.]73:8c:&b jP;rӊZDSud^E~wQwg8Չo,RXQ8S}1N *e6B$M0]:i؁H@IBb%M:ҧ+01B1e' d(V H,@[iєoBFFة;U>wYR4I$m)4.#gYڠǨ MjK \hX4?,RX- K\%z* Z8Z&mعT%I/A|@)ݓ#=Y#"@*咦<~qB5zHTB]Ow|DtegTމK "Pۖ /OݐnI]KSg~KgY'nA$ a@1vAm?ew%UR ےKl!F7lHԋ R*V+MB$0[^OFҲ'gTމ*Hz\{҈*1L_5ڰ,*Ri2z"% `^17 k]oKf[+{3L3L'_%S" K9BesK$,ۍ[]]p͖٫k]2xuMBT}6M/aMRO\>TJ`jc:TSkIyӼTюW~xD>3]09>%i'~h[S묽^i%j/Eۂ+t1եH#@q8#bNʻz_vUtch@ӷKuSu 9tE=ԇ^R7[\AFr,ӟHjPO-l` $l-Fżol_g^M%%id{DWRwb|&|.v)-ud<Ǔ:]q<ؖUXPe0L} r'/g M!F^l[˛i+J8Ԇ}kH:a Cd.}vfU 'rA*5$r ka1̋ ״oe=I>lI7mD+f)Zbz8S[7o@.h ,F{ W/+:hXg|ux{1 0RWRV$gBx@ ,%9n"yw9t`<ĒAǸHFPx^Ҽ񦺵40dS ^4 J11ǜS]RUWs.}KBG(zdq<// #|PWwƄOGKJ9.֤`ɣ.j+,z JDC f#-F%נ)x9}fbjģ Rkah;Xyh}Vy k LZZ9Owz޼tgO%ZYщ,ݾ]e[NxcEE8QHUA-q5 e]i_8?AnIi (}LǠ߄O c /,rthƃrX*ZDv}LJ/tX3+b=(#>y>xA2I= o x-:e#ʒWH7˽}H[e'郀tZꈁ$E슃L(aeB @q7Z!>'yk]w 4>wf(M$Cq'`#oY}NGFwm;Nlx|֐D ]TVZA3 Bx7t#l9mpjŃc@^ـ />1sS;9Ĕ#M3`aueW*y\n_n ?1f@6L-;a8IAX#hbG#gnq79kN-i`Kk0'x D}G3%xH 1шy Z3"&l&q>a|H>uW\j !1g昑Gi.#_ӏ(NXJ.JgeY d3w  S!\W%%n4Wp=9_Yx+uJ:Laww.BWuѧn-OTgN ]l05{R{? :t^VC1%&|^$nwKM B$!%H$b{=9`56Ahzõw'ЗY7aЇ\ 3+z+ÔP(W|+V0cU-&n+_cS|ng/c_\iBR&. ?g$-CF쎆CdQ}H|TBz،X\{ݾi4?5iVt?wOWv;7x ZѷpKtԝs9|ҹ|־l]]/{ƙ׻(kyl21^ Β^9l^28SKs!Yx9&xU84dG_1=Te8q@'a?)Qd;̋ QW~0`a_)o^]m3R[NA|vuQ uԢ@k1LmЇzQe p!>E['=ҹleJk%ꋲs B7_C&PjsC~;{O '> s?7G>C;^>4ڧ CLrC>v3_?C||Xab|^~.6碋l@@yr/?A  Æ@?6_@ņ| { s.a.7_ȟ _>6ԿPzta mo@_7')i>>m l@7͆on6_r 77Y 7NoX8z)@^l_~ڔ[˳ U J oi7:ث x.3n %oel޾:&BR; +]QM[xM}-kkZ1n6lv B__&cˬFY^I{R}ntE ̏I>4𞫫qLvw,ߔYnƊ6sLqϜOǽqa@BXz9|.|m0'1 }^nF$ZQ37]xwPn$Dx?5Wx-C \<ڎNޝ{f08O? 8oCdx$'+};=W,V<-t&j\e֣fhS =5|3|eTAgxuCZחU}%ڳi=>Y?:Vɤ[TlV{A[Rg5 fu¿.A)cwG ? 3q Ʊ XGP{ciSrP3)b|3S7rɈHτ[Ti׿#|S%/uL^)}0=qa:՞/kfov¶'6*\G'V!m!`,9<21sHP,f#V|< Ctuy9n"P\x; n+QU Z~sj0ᚁS ƍQgJM&DC '0p"Ǐ)L}r 1)d1ikоuIň,H-gÄ_ðh_n=N7"VGu;-^4+_w!˙:Z ,)u΄c[?-\mgrnC}eWw.|~",x`WH>{1tAu1b/c?Jwax>zG<#FOb\WnBaI3&ܴg5|:U59Ds/~2gI+m}x%ʎ$J)oAo^ ɡvgi/v U1^{3D3$0z< ASĠ)de F&V3n,=GIDπjUMj΢ْ3?SzG-Řz LJ @b C%rvu> ҽDjcb~` ;BI<`-<>lB*9"Zӷςm)@AekA/?iwH3軱x&%mY dv.ymsъHpi9ФŠ#Xw|6(68|%K' ϻyHj(tۅ?P & 1&,ڍL[c.Lc0ŴBChI -(O?5'knx#5E`w4aghBS /RNy(s*>`H6A1<;Z~ /xu!AY=-_!0p,\f tO6A|EKo@x7g(N~")1 PE֧2R8WD ^)Ybd횙-ƽP?Ba1\XdGx kyj#ŧSXW<2JP+J`Vw(̝ ,ӟ~HǶQĶ2=ڕ*zrcxd+[f:m狰BNx3AE﩯K,^rXٽb=bΐRGHǸ׭[t[ qf@ xQ bzG:qSr6r! XGڢZMQ`W8~nb=?];=kAؕc׮<Xè+ vf$оfpaͰ޳sWG)xH>%B6QryʱIErsg<5Z-UeUcu-14Ko̓g{V"K#g9- `=>YKc&&ı`=bp8 te0QSLFٔ6s3a?U`2M߿Z.$AsDe]dxtGiEL`$;]+vN$th&P?f#|撟 元>WNyNE=Kf}+s)VR,_XП]̑?1/[Z=H>|C]O֤=d>Ͻ7# ^85D ׿Ͼŗ_xbi-R^7 _{oIJP/Y3C{ bcE%@4Xk< t#vV͠_ .VALaK럢g} #ZGľ%ͺR3[j/s18C2prPgIa Zp(YsXg{}@u؂gj@ L(o,!)A_/0JQ)Ҿjajx @ R@Mi`мE2Z~-]Z(znfKy)t.r~9Vv٠>Vbu jτ>3zG32Qcq xCxV?Eܑ(jmO:_$z*[FTwz5ܥ/Sf, 7Qj%Le%*%>K'RgԴ+mqUb7XnKs"ݓ9ظ@0~ [tWºVK MueǓUܠD2Sێ87{sA- g|SDػbf,mqfp]  . AhM~@I #l >D YЈPp`,Am&[}2s1J.ںevl HM|K~\K,.e%7!h -wXެ=%!|R9T]BӄEŠ=֡xU3YPx?+'sOEJfea5UP1~A ݦ/KߪcPwIk\="P3-~HKͱq`Wg0Yj@u=0ɲWGYqYyOc̻ yP{kX(#P{+-ܘUf: 丠Ȥ_/Ǟ:tBȠ"m,y@cxL|qcgbR;BlHcAqߎ ]φؘݢኸc'6DDփ H!>|]>\RQ=p""4\A., ,'sKo ɺʸHt!-⚰YЗD`8kH ߋ&J2"$+ш4a̕F@9i>ڐD@u.?' T#ևx;wuF#ޑw Y1nRG - 7<ݵϫyۮ+6)ck7&ޙc h Y2-A0+r(<כ5) ls|n $E*J+Kx8s}(γdf-JM@hDs5 9cgtxB4h{o|PWg\?m!"gY'NԺg+LcVtY&ibC$9! V,|JašLj!DH8 ܡ}N^zURW^%ϻ kx+|v7ؘ`HU it=vvѿ!8\fg^9,%#xI7LF#^*T+5Uj|Y+UwxZNx(Rp ),!_MI` %(҉4Bivl4] 0\6w(h2ڒGX\ٓ){*xa7|ZMo!Y'5/矏>&!Uktۿ"F\y}j;Z}9\a͓__w>^JaA itNV\ 'U}>Y_A1Vfo={C0 _=ޙ.Pr";oE1DTB%q F{q \q: