Two Vista bugs and 13 others squashed by June Patch Tuesday
by Stephen Withers   
Wednesday, 13 June 2007
Microsoft's six June security updates address a total of 15 vulnerabilities ranging in importance from 'critical' to 'moderate'. Two of the bulletins specifically cover Vista.

The Vista issues are a critical vulnerability in Windows Mail allowing remote code execution triggered by a maliciously crafted email, and a moderate issue that could allow non-privileged users to access administrative passwords and other data stored in the registry and the local file system.

The other critical issues affect Windows' Secure Channel (Schannel) package, Internet Explorer, Outlook Express and an unspecified aspect of the Win32 API. All potentially allow remote code execution.

Schannel provides SSL and TLS authentication. Microsoft states that an attempt to exploit this vulnerability would most likely cause the browser or other application to quit.

The Internet Explorer issues affect versions 5 through 7, and five of them could permit remote code execution when exploited by maliciously crafted web pages. The other could allow spoofing.

Interestingly, the Outlook Express vulnerabilities cannot be directly exploited from within that program. Instead, information may be disclosed when a maliciously crafted web page is displayed in Internet Explorer.

The only 'important' bulletin covers an unspecified number of remote code execution flaws in Visio that can be triggered by opening maliciously crafted files. Remote code execution issues normally attract a critical rating, but this bulletin is apparently rated important as user action is needed for successful exploitation.

A new version of the Windows Genuine Advantage Validation Tool must be installed before the other updates can be downloaded via Microsoft Update.

Microsoft also re-released two previous bulletins covering issues with MFC and CMS. The revised MS07-012 bulletin includes Windows Server 2003 SP2 in the list of affected products, and the update associated with MS07-018 has been updated to accommodate copies of CMS 2002 installed in non-standard locations.

Other updates released in tandem by Microsoft include new versions of the Outlook Junk Email Filter and the Windows Malicious Software Removal Tool.