Patch Tuesday brings three critical updates

Stephen Withers
Wednesday, 14 July 2010 11:43

Business IT - Security

As foreshadowed, Microsoft released four security bulletins overnight. One affects Windows 7 and three are rated critical.

July's Patch Tuesday is a quiet affair, with Microsoft issuing two bulletins for Windows and two for Office.

The previously disclosed critical vulnerability in Windows Help and Support Center has now been fixed. A maliciously crafted web page or link in an email message could have been exploited to trigger remote code execution. This issue affects Windows XP and Windows Server 2003, but is only rated low on the latter.

Microsoft warns that this vulnerability is being actively exploited.

The other critical Windows issue - which had also been publicly disclosed - concerns the Canonical Display Driver (cdd.dll) in Windows 7 for x64 systems and Windows Server 2008 R2 for x64 systems. Microsoft officials said that despite the critical rating on Windows 7, exploits are more likely to cause an attacked system to restart rather than allowing remote code execution. The issue is only rated important on Server 2008 as the vulnerability depends on Aero being enabled and it is not installed by default on that OS.

The Office patches relate to Access and Outlook.

A critical issue in Access 2003 and 2007 concerns vulnerabilities in ActiveX controls that could allow remote code execution if a maliciously crafted web page or Office file was opened.

What else has been updated? Please read on.