Stephen Withers
Wednesday, 11 June 2008 10:22
Business IT -
Technology
Page 1 of 2
June's Patch Tuesday has brought a substantial crop of updates for Windows, including three critical patches for Vista =and other versions, calling into question Microsoft's "secure by design" claim for its latest operating system.
The three most serious flaws concern Bluetooth, Internet Explorer and DirectX.
The Bluetooth issue affects XP (SP2 and SP3) and Vista. An attacker
could trigger the flaw by generating a large number of service
description requests. A successful exploit would give complete control
of the system.
Microsoft officials say the vulnerability is less serious than the
critical rating would normally imply. This is due to the shortrange
nature of Bluetooth and because there is a small window of opportunity
to place the necessary data in the target computer's memory after
triggering the bug.
"Based on our investigation, a single-processor machine is unlikely to be affected by this issue," they said.
The Internet Explorer patch updates a pair of vulnerabilities. One
allows a maliciously crafted web page to corrupt memory allowing the
execution of arbitrary code, the other allows a malicious page to read
data from another domain.
The update is rated critical for IE6 SP1 on Windows 2000 and XP, and
IE7 on XP and Vista. It is rated important for IE5 on Windows 2000, and
moderate for combinations of currently supported versions of Internet
Explorer and Windows.
What else has been fixed? Please read on.
LATEST HEADLINES FROM YOUR IT
