Bumper bundle of Windows updates includes Vista patches

Stephen Withers
Wednesday, 11 June 2008 10:22

Business IT - Technology

The DirectX update also patches two bugs, and is rated critical for DirectX 7, 8, 9 and 10 on all currently supported versions of Windows except Server Core installations of Windows Server 2008.

The first is triggered by the playback of a maliciously crafted MJPEG video stream in an AVI or ASF file. A successful exploit gives the attacker full control of the system, and could be conducted by embedding such a file in a web page or attaching it to an email.

(Microsoft isn't the only company still having problems with malicious media files - Apple this week updated QuickTime to address similar issues in the handling of other types of file.)

The important bulletins cover a WINS vulnerability affecting Windows 2000 and Server 2003; an Active Directory issue on Windows 2000, XP, Server 2003 and Server 2008; and a pair of vulnerabilities in the (apparently rarely used) Pragmatic General Multicast protocol on XP, Server 2003, Vista and Server 2008

Since PGM is disabled by default on all versions of Windows that support it, that flaw is unlikely to be a concern for most users. But it may be wise to apply the patch anyway, in case the protocol is activated at a later date.

The final bulletin for June is a cumulative update of ActiveX kill bits to protect against a potential remote code exploit via a vulnerability that exists when Internet Explorer and speech recognition are both in use.

The vulnerability is rated moderate on Windows 2000, XP and Vista, and low on Server 2003 and 2008.

Microsoft has also updated the Malicious Software Removal Tool, the Windows Mail junk email filter, Windows Media Center for Vista (multiple bug fixes), and an XP update to help stave off the widely-reported issue that occurs when installing SP3 on a non-Intel based system.