Microsoft patches six bugs

Posted on Wednesday, October 10 2007 @ 15:53 CEST by Thomas De Maesschalck
Microsoft unveiled six security updates today; 4 critical and 2 important ones.
  • Vulnerability in Kodak Image Viewer Could Allow Remote Code Execution (923810)
    This critical security update resolves a privately reported vulnerability. A remote code execution vulnerability exists in the way that the Kodak Image Viewer, formerly known as Wang Image Viewer, handles specifically crafted images files. The vulnerability could allow an attacker to remotely execute code on the affected system. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

  • Security Update for Outlook Express and Windows Mail (941202)
    This critical security update resolves one privately reported vulnerability. The vulnerability could allow remote code execution due to an incorrectly handled malformed NNTP response. An attacker could exploit the vulnerability by constructing a specially crafted Web page.

  • Cumulative Security Update for Internet Explorer
    This critical security update resolves three privately reported vulnerabilities and one publicly disclosed vulnerability. The vulnerability with the most serious security impact could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

  • Vulnerability in Microsoft Word Could Allow Remote Code Execution (942695)
    This security update resolves a privately reported vulnerability in Microsoft Word that could allow remote code execution if a user opens a specially crafted Word file with a malformed string. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

  • Vulnerability in RPC Could Allow Denial of Service (933729)
    This important update resolves a privately reported vulnerability. A denial of service vulnerability exists in the remote procedure call (RPC) facility due to a failure in communicating with the NTLM security provider when performing authentication of RPC requests.

  • Vulnerability in Windows SharePoint Services 3.0 and Office SharePoint Server 2007
    Could Result in Elevation of Privilege Within the SharePoint Site (942017) This security update resolves a publicly reported vulnerability in Microsoft Windows SharePoint Services 3.0 and Microsoft Office SharePoint Server 2007. The vulnerability could allow an attacker to run arbitrary script that could result in elevation of privilege within the SharePoint site, as opposed to elevation of privilege within the workstation or server environment. The vulnerability could also allow an attacker to run arbitrary script to modify a user’s cache, resulting in information disclosure at the workstation.
  • You can get the updates through Windows Update.


    About the Author

    Thomas De Maesschalck

    Thomas has been messing with computer since early childhood and firmly believes the Internet is the best thing since sliced bread. Enjoys playing with new tech, is fascinated by science, and passionate about financial markets. When not behind a computer, he can be found with running shoes on or lifting heavy weights in the weight room.



    Loading Comments