Security Market Segment LS
Wednesday, 13 July 2011 08:45

Microsoft Patch Tuesday: four security bulletins

By

Microsoft has issued just four security bulletins this month, and only one is regarded as critical. A total of 22 vulnerabilities are addressed.


As foreshadowed, Microsoft has released four security bulletins this month. Windows and Visio are affected, but only one of the bulletins is rated critical and even that has limited applicability.

The critical bulletin affects Windows 7 and Vista. A vulnerability in the Windows Bluetooth stack means a series of maliciously crafted Bluetooth packets could be used to trigger remote code execution.

Vista SP1 is only affected if the Windows Vista Feature Pack for Wireless has been installed, and in any case affected operating systems are only vulnerable if Bluetooth hardware is installed. It still makes sense to apply the patch to affected versions of Windows in case a USB Bluetooth adaptor is ever plugged in.

Although the issue is regarded as critical, Microsoft's Security Research Center believes it will be difficult to build a reliable exploit for remote code execution and that denial of service (crashing) is a more likely outcome.

July's second bulletin addresses 15 vulnerabilities in Windows kernel-mode drivers, some of which could be used to gain elevated privileges. The bulletin is rated important, and all currently supported versions of Windows are affected, including Server Core installations of Windows Server 2008.

Please read on for details of the remaining Windows and Office patches.




Also rated important is a bulletin covering five privilege-escalation vulnerabilities in Windows' Client/Server Run-Time Subsystem. Again, all currently supported versions of Windows are affected.

All of the Windows vulnerabilities addressed this month were disclosed privately or discovered within Microsoft.

The final bulletin for the month addresses a publicly disclosed vulnerability in Visio. It concerns an attack vector that we've seen mentioned in other security bulletins in recent months: a maliciously crafted library file located in the same network directory as a legitimate Visio file opened by the user.

The only currently supported version affected is Visio 2003 SP3, but Microsoft has warned that Microsoft Update or Windows Update may offer the update on systems that do not have Visio 2003 installed.

Microsoft has also released updates addressing non-security issues in Windows 7, Vista, Server 2008 (including R2), and Windows Embedded DStandard 7, along with new versions of the Malicious Software Removal Tool and the Windows Mail Junk E-mail Filter.

 


Subscribe to ITWIRE UPDATE Newsletter here

Active Vs. Passive DWDM Solutions

An active approach to your growing optical transport network & connectivity needs.

Building dark fibre network infrastructure using WDM technology used to be considered a complex challenge that only carriers have the means to implement.

This has led many enterprises to build passive networks, which are inferior in quality and ultimately limit their future growth.

Why are passive solutions considered inferior? And what makes active solutions great?

Read more about these two solutions, and how PacketLight fits into all this.

CLICK HERE!

WEBINAR INVITE 8th & 10th September: 5G Performing At The Edge

Don't miss the only 5G and edge performance-focused event in the industry!

Edge computing will play a critical part within digital transformation initiatives across every industry sector. It promises operational speed and efficiency, improved customer service, and reduced operational costs.

This coupled with the new capabilities 5G brings opens up huge opportunities for both network operators and enterprise organisations.

But these technologies will only reach their full potential with assured delivery and performance – with a trust model in place.

With this in mind, we are pleased to announce a two-part digital event, sponsored by Accedian, on the 8th & 10th of September titled 5G: Performing at the Edge.

REGISTER HERE!

BACK TO HOME PAGE
Stephen Withers

joomla visitors

Stephen Withers is one of Australia¹s most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.

Share News tips for the iTWire Journalists? Your tip will be anonymous

WEBINARS ONLINE & DEMAND

GUEST ARTICLES

VENDOR NEWS

Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News