Security Market Segment LS
Wednesday, 13 July 2011 08:45

Microsoft Patch Tuesday: four security bulletins

By

Microsoft has issued just four security bulletins this month, and only one is regarded as critical. A total of 22 vulnerabilities are addressed.


As foreshadowed, Microsoft has released four security bulletins this month. Windows and Visio are affected, but only one of the bulletins is rated critical and even that has limited applicability.

The critical bulletin affects Windows 7 and Vista. A vulnerability in the Windows Bluetooth stack means a series of maliciously crafted Bluetooth packets could be used to trigger remote code execution.

Vista SP1 is only affected if the Windows Vista Feature Pack for Wireless has been installed, and in any case affected operating systems are only vulnerable if Bluetooth hardware is installed. It still makes sense to apply the patch to affected versions of Windows in case a USB Bluetooth adaptor is ever plugged in.

Although the issue is regarded as critical, Microsoft's Security Research Center believes it will be difficult to build a reliable exploit for remote code execution and that denial of service (crashing) is a more likely outcome.

July's second bulletin addresses 15 vulnerabilities in Windows kernel-mode drivers, some of which could be used to gain elevated privileges. The bulletin is rated important, and all currently supported versions of Windows are affected, including Server Core installations of Windows Server 2008.

Please read on for details of the remaining Windows and Office patches.




Also rated important is a bulletin covering five privilege-escalation vulnerabilities in Windows' Client/Server Run-Time Subsystem. Again, all currently supported versions of Windows are affected.

All of the Windows vulnerabilities addressed this month were disclosed privately or discovered within Microsoft.

The final bulletin for the month addresses a publicly disclosed vulnerability in Visio. It concerns an attack vector that we've seen mentioned in other security bulletins in recent months: a maliciously crafted library file located in the same network directory as a legitimate Visio file opened by the user.

The only currently supported version affected is Visio 2003 SP3, but Microsoft has warned that Microsoft Update or Windows Update may offer the update on systems that do not have Visio 2003 installed.

Microsoft has also released updates addressing non-security issues in Windows 7, Vista, Server 2008 (including R2), and Windows Embedded DStandard 7, along with new versions of the Malicious Software Removal Tool and the Windows Mail Junk E-mail Filter.

 


Subscribe to ITWIRE UPDATE Newsletter here

GRAND OPENING OF THE ITWIRE SHOP

The much awaited iTWire Shop is now open to our readers.

Visit the iTWire Shop, a leading destination for stylish accessories, gear & gadgets, lifestyle products and everyday portable office essentials, drones, zoom lenses for smartphones, software and online training.

PLUS Big Brands include: Apple, Lenovo, LG, Samsung, Sennheiser and many more.

Products available for any country.

We hope you enjoy and find value in the much anticipated iTWire Shop.

ENTER THE SHOP NOW!

INTRODUCING ITWIRE TV

iTWire TV offers a unique value to the Tech Sector by providing a range of video interviews, news, views and reviews, and also provides the opportunity for vendors to promote your company and your marketing messages.

We work with you to develop the message and conduct the interview or product review in a safe and collaborative way. Unlike other Tech YouTube channels, we create a story around your message and post that on the homepage of ITWire, linking to your message.

In addition, your interview post message can be displayed in up to 7 different post displays on our the iTWire.com site to drive traffic and readers to your video content and downloads. This can be a significant Lead Generation opportunity for your business.

We also provide 3 videos in one recording/sitting if you require so that you have a series of videos to promote to your customers. Your sales team can add your emails to sales collateral and to the footer of their sales and marketing emails.

See the latest in Tech News, Views, Interviews, Reviews, Product Promos and Events. Plus funny videos from our readers and customers.

SEE WHAT'S ON ITWIRE TV NOW!

BACK TO HOME PAGE
Stephen Withers

joomla visitors

Stephen Withers is one of Australia¹s most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.

Share News tips for the iTWire Journalists? Your tip will be anonymous

WEBINARS ONLINE & ON-DEMAND

GUEST ARTICLES

VENDOR NEWS

Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News

Comments