Microsoft Tackles Vista, Virtualization Patches

Patch Tuesday finds Microsoft addressing a host of security issues with Vista and virtualization.

Patch Tuesday brings with it a host of security issues with Vista, issues with virtualization and a fun time for system administrators who deal with clients using some wildly popular Microsoft applications: Internet Explorer and Excel.

On Aug. 14, Microsoft released nine security patches for 14 vulnerabilities, with six of the updates rated critical, in its biggest patch release since February.

"With nine security bulletins, today is the second-busiest Patch Tuesday this year," said Dave Marcus, security research and communications manager at McAfee Avert Labs, in a statement. "Many of the vulnerabilities addressed by Microsofts fixes could be exploited if a Windows user simply visits a malicious Web site. Microsofts patches again underline the trend of malware writers seeking out the Web browser as a means of attack and reinforce the need of safe browsing habits."

One thing that Microsoft failed to get out: an update that would address an ATI driver vulnerability that affects the Vista kernel. Microsoft told eWEEK that its now working with Advanced Micro Devices on a fix for that issue.

All nine of the security bulletins pertain to what Eric Schultze, chief security architect at Shavlik Technologies, calls client-side vulnerabilities. That means a user has to take action in order to get attacked. In most cases that involves visiting a malicious site, reading a malicious e-mail or opening a malicious file.


Read here about Microsofts $50 million investment in its Forefront security line.

The good news: Server administrators running big server farms, with no users executing script that can install code onto their systems, have it easy. Their servers are safe, Schultze said, given that theres no vulnerability that can result in a Code Red or Nimba worm situation.

Still, todays patch load is enough reason to disconnect your PC from the wall for a few weeks, he said, given that if you visit a malicious site, there are six ways you can get attacked.

Starting at the top is MS07-042, a vulnerability in Microsoft XML Core Services that could allow remote code execution. This vulnerability, which can be exploited through attacks on Microsoft XML Core Services, involves a user viewing a maliciously crafted Web page using IE (Internet Explorer).

That one, rated critical, goes hand in hand with MS07-043, Microsofts security bulleting regarding a vulnerability in OLE Automation that could also get your system hijacked. Users are vulnerable if they view malicious sites that contain attacks on OLE (Object Linking and Embedding). Both MS07-042 and -043 were found by the same researchers: An anonymous researcher working with the VeriSign iDefense VCP and an anonymous researcher working with the Zero Day Initiative.

A third critical vulnerability is detailed in MS07-044, which addresses an Excel problem that could allow remote code execution if a user opens a malicious Excel file. Nothing new there—Excel security vulnerabilities are popping up regularly nowadays, Schultze noted.

The MS07-045 security bulletin scoops up three critical vulnerabilities in IE that could get your system hijacked if you view a malicious site with the browser, given that a maliciously crafted page can trigger ActiveX controls on vulnerable systems. The flaws pertain to just about all versions of IE, including on Vista.

Ms07-046 is another critical bulletin, involving a vulnerability in GDI that could allow for remote code execution. This one involves visiting a malicious site that contains an evil graphic. As soon as you view the graphic through a banner ad or on a site, the malicious graphic attacks your system. Microsoft has patched GDI multiple times already, Schultze noted.

Amol Sarwate, manager of the Vulnerabilities Lab at Qualys, said -046 would likely be his top-priority patch to apply, followed by the IE and Excel patches, given the applications prevalence and the consequences of remote code execution.

MS07-050 addresses a critical vulnerability in VML (Vector Markup Language) that also allow for remote code execution.

MS07-047 deals with two important vulnerabilities in Windows Media Player—particularly, in the skins that make Media Play look pretty—that could lead to remote code execution.

One important security bulletin, MS07-048, is notable in that the two vulnerabilities addressed arent in old code—theyre in Vistas Windows Gadgets, a new application that lets you run gadgets on the side of your screen that do things like display clocks or the weather or sports information.

Page 2: Microsoft Tackles Vista, Virtualization Patches