Microsoft Tackles Vista, Virtualization Patches

By Lisa Vaas  |  Posted 2007-08-14

Patch Tuesday finds Microsoft addressing a host of security issues with Vista and virtualization.

Patch Tuesday brings with it a host of security issues with Vista, issues with virtualization and a fun time for system administrators who deal with clients using some wildly popular Microsoft applications: Internet Explorer and Excel. On Aug. 14, Microsoft released nine security patches for 14 vulnerabilities, with six of the updates rated critical, in its biggest patch release since February.

"With nine security bulletins, today is the second-busiest Patch Tuesday this year," said Dave Marcus, security research and communications manager at McAfee Avert Labs, in a statement. "Many of the vulnerabilities addressed by Microsoft's fixes could be exploited if a Windows user simply visits a malicious Web site. Microsoft's patches again underline the trend of malware writers seeking out the Web browser as a means of attack and reinforce the need of safe browsing habits."

One thing that Microsoft failed to get out: an update that would address an ATI driver vulnerability that affects the Vista kernel. Microsoft told eWEEK that it's now working with Advanced Micro Devices on a fix for that issue.

All nine of the security bulletins pertain to what Eric Schultze, chief security architect at Shavlik Technologies, calls client-side vulnerabilities. That means a user has to take action in order to get attacked. In most cases that involves visiting a malicious site, reading a malicious e-mail or opening a malicious file.

The good news: Server administrators running big server farms, with no users executing script that can install code onto their systems, have it easy. Their servers are safe, Schultze said, given that there's no vulnerability that can result in a Code Red or Nimda worm situation. Still, today's patch load is enough reason to disconnect your PC from the wall for a few weeks, he said, given that if you visit a malicious site, there are six ways you can get attacked.

Starting at the top is MS07-042, a vulnerability in Microsoft XML Core Services that could allow remote code execution. This vulnerability, which can be exploited through attacks on Microsoft XML Core Services, involves a user viewing a maliciously crafted Web page using IE (Internet Explorer). That one, rated critical, goes hand in hand with MS07-043, Microsoft's security bulletin regarding a vulnerability in OLE Automation that could also get your system hijacked. Users are vulnerable if they view malicious sites that contain attacks on OLE (Object Linking and Embedding). Both MS07-042 and -043 were found by the same researchers: an anonymous researcher working with the VeriSign iDefense VCP and an anonymous researcher working with the Zero Day Initiative.

A third critical vulnerability is detailed in MS07-044, which addresses an Excel problem that could allow remote code execution if a user opens a malicious Excel file. Nothing new there—Excel security vulnerabilities are popping up regularly nowadays, Schultze noted.

The MS07-045 security bulletin scoops up three critical vulnerabilities in IE that could get your system hijacked if you view a malicious site with the browser, given that a maliciously crafted page can trigger ActiveX controls on vulnerable systems. The flaws pertain to just about all versions of IE, including on Vista.

MS07-046 is another critical bulletin, involving a vulnerability in GDI that could allow for remote code execution. This one involves visiting a malicious site that contains an evil graphic. As soon as you view the graphic through a banner ad or on a site, the malicious graphic attacks your system. Microsoft has patched GDI multiple times already, Schultze noted. Amol Sarwate, manager of the Vulnerabilities Lab at Qualys, said -046 would likely be his top-priority patch to apply, followed by the IE and Excel patches, given the applications' prevalence and the consequences of remote code execution.

MS07-050 addresses a critical vulnerability in VML (Vector Markup Language) that could also allow for remote code execution. MS07-047 deals with two important vulnerabilities in Windows Media Player—particularly, in the skins that make Media Player look pretty—that could lead to remote code execution.

One important security bulletin, MS07-048, is notable in that the two vulnerabilities addressed aren't in old code—they're in Vista's Windows Gadgets, a new application that lets you run gadgets on the side of your screen that do things like display clocks or the weather or sports information.

