http://www.informationweek.com/news/showArticle.jhtml?articleID=199902337

By Sharon Gaudin
InformationWeek
June 7, 2007

Gearing up for next week's Patch Tuesday release, Microsoft announced on Thursday that it's preparing six security updates -- four of them for critical bugs.

One security update can actually patch multiple vulnerabilities, so it's unclear at this point how many flaws next week's releases will fix.

Microsoft, though, did announce in its Security Bulletin Advance Notification that each of the four critical updates will affect Windows software, while only one affects Internet Explorer. Another one will address issues in Outlook Express, as well as Windows Mail.

One critical vulnerability affects Windows Mail in Windows Vista and Windows Vista x64 edition. There is another patch for Windows Vista that's rated "moderate".

All of the critical bugs being fixed enable remote code execution, meaning that a remote hacker could take over an infected system.

The one security bulletin that received Microsoft's second-highest threat rating of "important" affects the Office application suite, as well as Microsoft Visio, which is diagramming software. The flaw being fixed also enables remote code execution. It's not yet clear why this is not a critical flaw, as nearly all remote code execution vulnerabilities are rated that way.

The "moderate" security bulletin affects a bug in Windows that causes information disclosure.

Johannes Ullrich, CTO for the Internet Storm Center, a cooperative cyber threat-monitoring and alert system, said this seems like an average-size patch release for Microsoft -- slightly less than last month, when Microsoft released seven bulletins in its monthly patch release. He is hoping, though, that several of the outstanding Internet Explorer flaws are fixed in the June 12 release.

"There are about six publicly known IE bugs out there," he added in an interview. "Typically, Microsoft issues patches that fix multiple bugs. Last month, four vulnerabilities were fixed with one IE patch. That would be good."

Ullrich also is hoping that Microsoft patches several outstanding Office vulnerabilities. "It's definitely one of the issues that keeps bugging users," he said. "We haven't seen any of them widely used yet. They're being used in smaller, targeted attacks."