Menu
Super bundle of Microsoft security patches

Super bundle of Microsoft security patches

Microsoft has released what security experts are calling one of it most significant security fixes this year.

On Tuesday morning, the software maker pushed out nine sets of patches, called updates in Microsoft parlance, fixing a total of 14 bugs in its software. Six of these updates are rated critical by Microsoft, meaning that attackers could exploit the flaws with no user action required. The other three updates are rated important.

It is the largest set of updates released by Microsoft since February.

"This is an intense month" said Don Leatham, director of solutions and strategy with PatchLink.

Leatham is particularly concerned with the MS07-046 update, which fixes a critical flaw in the graphics rendering system used by Windows. The flaw lies in the Windows graphics device interface (GDI) software used to send graphics data to printers and monitors.

Microsoft says that attackers could exploit this flaw by tricking a victim into opening a specially crafted email attachment, but because the bug lies in a core component of Windows, Leatham believes that there may be other ways to exploit the flaw. "I think this will be a target of the hacking community," he said. "if it's clear down in the graphics rendering engine, I'm assuming that there may be other ways to exploit this, because the graphics rendering engine is used by many applications."

The flaw affects all supported versions of Windows, except Windows Vista and Windows Server 2003 Service pack 2.

Three other patches, fixing critical flaws in Excel and Internet Explorer should also be given priority, said Amol Sarwate, manager of Qualys Inc.'s vulnerability research lab. Those updates are MS07-044, MS07-045 and MS07-050.

These desktop applications are generally "the weakest link" in corporate security and are increasingly being targeted by attackers, Sarwate said.

All of the vulnerabilities patched Tuesday affect some components of the desktop, Sarwate noted. None of the bugs patched Tuesday had been publicly disclosed, he said.

Other critical updates relate to the XML Core Services used by Internet Explorer to process XML (Extensible Markup Language) pages and the Object Linking and Embedding (OLE) technology used by some Windows applications.

The less-critical updates fix bugs in the Windows Media Player, Microsoft Virtual PC and Virtual Server, and in Windows Gadgets.

With 50 security updates now released, Microsoft has kept pace with last year's patch output. By August of 2006, Microsoft has issued 51 updates.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags MicrosoftPatch Tuesday

Featured

Slideshows

EDGE 2018: Kiwis kick back with Super Rugby before NZ session

EDGE 2018: Kiwis kick back with Super Rugby before NZ session

New Zealanders kick-started EDGE 2018 with a bout of Super Rugby before a dedicated New Zealand session, in front of more than 50 partners, vendors and distributors on Hamilton Island.​

EDGE 2018: Kiwis kick back with Super Rugby before NZ session
EDGE 2018: Kiwis assess key customer priorities through NZ research

EDGE 2018: Kiwis assess key customer priorities through NZ research

EDGE 2018 kicked off with a dedicated New Zealand track, highlighting the key customer priorities across the local market, in association with Dell EMC. Delivered through EDGE Research - leveraging Kiwi data through Tech Research Asia - more than 50 partners, vendors and distributors combined during an interactive session to assess the changing spending patterns of the end-user and the subsequent impact to the channel.

EDGE 2018: Kiwis assess key customer priorities through NZ research
Show Comments