Today, is the second Tuesday of the month, better known as "Patch Tuesday". On the second Tuesday of every month Microsoft releases patches for its Windows OS, and its become quite a ritual for a Windows users. But most don't even notice that these patches are release due to the fact that many have automatic updates turned on, ensuring they are always patched and protected from the insecurities of the web.
This month, Microsoft has fixed 15 flaws with six patches, four of those patches are being considered to be critical by Microsoft. Two of the released patches affect Microsoft's Windows Vista, one critical patch is for Internet Explorer, and one patch also affects Microsoft Office. I'll give you a brief description of each of the critical patches, for more information on the rest of the patches check out this article at C|NET's News.com. Don't forget to patch your systems!!
- MS07-031: Critical
Entitled "Vulnerability in the Windows Schannel Security Package Could Allow Remote Code Execution (935840)," this bulletin affects users of Microsoft Windows 2000, XP SP2, XP Professional x64, and Windows Server 2003 (SP 1 and 2, x64, and Itanium-based systems) but does not affect Windows Vista, and it addresses the vulnerabilities detailed in CVE-2007-2218. Successful exploitation could lead to remote code execution. - MS07-033: Critical
Entitled "Cumulative Security Update for Internet Explorer (933566)," this bulletin affects users of Windows 2000, Windows XP, Windows Server 2003, and Windows Vista, running Internet Explorer 5.01, 6.0, and 7.0 and addresses the vulnerabilities detailed in CVE-2007-0218, CVE-2007-1750, CVE-2007-1751, CVE-2007-1752, CVE-2007-3027, and CVE-2007-0222. Successful exploitation could lead to remote code execution. - MS07-034: Critical
Entitled "Cumulative Security Update for Outlook Express and Windows Mail (929123)," this bulletin affects users of Windows 2000, Windows XP, Windows Server 2003, and Windows Vista, running Outlook Express 6 and/or Windows Mail but does not affect Windows 2000 systems running Outlook Express 5.5 or 6 and addresses the vulnerabilities detailed in CVE-2007-2111, CVE-2007-1658, CVE-2007-2225, CVE-2007-2227. Successful exploitation could allow information disclosure. - MS07-035: Critical
Entitled "Vulnerability in Win 32 API Could Allow Remote Code Execution (935839)," this bulletin affects users of Windows 2000, Windows XP (all editions), and Windows Server 2003 (all editions) but does not affect Windows Vista and addresses the vulnerability detailed in CVE-2007-2219. Successful exploitation could allow remote code execution or elevation of privilege.
No comments:
Post a Comment