Wednesday, 12 December 2007 01:27

December Patch Tuesday: 3 bulletins critical, 4 important

Microsoft's security bulletins for December affect all currently supported versions of Windows.

This month's critical vulnerabilities were found in DirectX, Windows Media Format Runtime, and Internet Explorer. All three have the potential to allow remote code execution.

The DirectX issue is a longstanding one, affecting all currently supported versions of Windows (from 2000 to Vista) and versions 7.0, 8.1, 9.0c and 10.0 of DirectX itself. A maliciously crafted streaming media file can trigger the execution of code delivered within the media. It appears to be related to a DirectShow vulnerability that was patched in 2005.

The Windows Media vulnerability also involves code execution triggered by a maliciously crafted file.

The Internet Explorer update patches four vulnerabilities, the most serious of which allows remote code execution when visiting a maliciously crafted web page.

The effects of all the above issues is reduced if the user does not have administrative rights.

THe remaining vulnerabilities addressed this month all have a maximum rating of Important.

Vista's gets an updated kernel to overcome a privilege escalation vulnerability plus a patch for SMBv2 to block a remote code execution issue. Windows 2000 and XP get a fix for a vulnerability in the Message Queueing Service.

Finally, the previously disclosed Macrovision SECDRV.SYS vulnerability allowing privilege escalation under XP and Server 2003 has been fixed.

The usual updates for the Malicious Software Removal Tool and the Windows Mail Junk E-mail Filter were also issued.

Non-security items released include an XP patch that improves the performance of web sites using AJAX, a Daylight Saving Time update, and bug fixes for Windows Live Writer.


Australia is a cyber espionage hot spot.

As we automate, script and move to the cloud, more and more businesses are reliant on infrastructure that has high potential to be exposed to risk.

It only takes one awry email to expose an accounts payable process, and for cyber attackers to cost a business thousands of dollars.

In the free white paper ‘6 steps to improve your Business Cyber Security’ you will learn some simple steps you should be taking to prevent devastating malicious cyber attacks from destroying your business.

Cyber security can no longer be ignored, in this white paper you will learn:

· How does business security get breached?
· What can it cost to get it wrong?
· 6 actionable tips


Stephen Withers

joomla visitors

Stephen Withers is one of Australia¹s most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.



Recent Comments