Bumper bundle of Windows updates includes Vista patches

Stephen Withers
Wednesday, 11 June 2008 09:22

Business IT - Technology

June's Patch Tuesday has brought a substantial crop of updates for Windows, including three critical patches for Vista =and other versions, calling into question Microsoft's "secure by design" claim for its latest operating system.

The three most serious flaws concern Bluetooth, Internet Explorer and DirectX.

The Bluetooth issue affects XP (SP2 and SP3) and Vista. An attacker could trigger the flaw by generating a large number of service description requests. A successful exploit would give complete control of the system.

Microsoft officials say the vulnerability is less serious than the critical rating would normally imply. This is due to the shortrange nature of Bluetooth and because there is a small window of opportunity to place the necessary data in the target computer's memory after triggering the bug.

"Based on our investigation, a single-processor machine is unlikely to be affected by this issue," they said.

The Internet Explorer patch updates a pair of vulnerabilities. One allows a maliciously crafted web page to corrupt memory allowing the execution of arbitrary code, the other allows a malicious page to read data from another domain.

The update is rated critical for IE6 SP1 on Windows 2000 and XP, and IE7 on XP and Vista. It is rated important for IE5 on Windows 2000, and moderate for combinations of currently supported versions of Internet Explorer and Windows.

What else has been fixed? Please read on.