4 out of 5 critical issues fixed on Patch Tuesday

Posted by Virus Bulletin on Oct 10, 2007

Expected patch omitted from monthly security update.

Microsoft has announced the contents of its monthly 'Patch Tuesday' security update release, with four 'Critical' and two 'Important' fixes pushed out to users of its operating systems and software. A fifth issue, labelled 'Critical' in the advance notification released last week, remains open as the expected patch has been held back to resolve issues discovered during final testing.

The critical patches cover single vulnerabilities in Word, Outlook Express/Windows Mail and Kodak Image Viewer, as well as four separate problems found in Internet Explorer, one of which had been publicly disclosed as long ago as February. All could allow an attacker to execute code remotely on vulnerable systems. The less crucial fixes are for a possible denial-of-service vulnerability in the RPC system and a privilege escalation issue in SharePoint.

Little detail has been released regarding the missing patch, except that it was withdrawn following a 'quality control issue'. It seems likely that it will be kept back until next month's Patch Tuesday. Of the vulnerabilities that have been fixed, at least two, the flaws in Word and SharePoint, have had exploits made public or used in targeted attacks, according to SANS.

The full security bulletin detailing all the patches is here, with a Microsoft Security Response Center blog entry describing the changes to the scheduled release here.



