
Microsoft Issues Patches for 15 Flaws

By Ed Oswald, BetaNews

June 12, 2007, 4:39 PM

Microsoft released six updates to address various issues across its products on Tuesday, including four which were rated critical, and three that affected Windows Vista.

The first is an important fix that addresses two issues within Microsoft's Visio product. The first is a remote code execution vulnerability in how the product handles a specially-crafted version number within a Visio file. The other revolves around an issue in how Visio handles parsing of packed objects.

In either case, a user would have to open an attachment from an e-mail or visit a specially crafted website, the advisory states.

Next comes a critical fix for issues within the Schannel security package, which enables the SSL and TLS authentication protocols. Microsoft says that Windows 2000, XP and Server 2003 all have issues with how the OS validates server-sent digital signatures.

Vista is the target of a flaw rated "moderate" that could lead to information disclosure. According to the Microsoft advisory, non-privileged users could access local user information, including administrative passwords, which could then be used to gain complete access to the system.

Microsoft's new operating system is also vulnerable to critical flaws within Internet Explorer, which are addressed in a cumulative security update. Altogether seven issues are addressed here, including COM object instantiation, CSS Tag, speech control, and uninitialized memory corruption flaws, plus language pack installation and navigation cancel page spoofing issues.

These issues would also affect Windows 2000, Windows XP, and Windows Server 2003.

The same operating systems are also vulnerable to issues with Outlook Express, which are addressed in a separate critical patch. Three separate information disclosure issues and a remote code execution vulnerability have been remedied.

Finally, a flaw in the Win32 API that puts users of Windows 2000, XP, and Server 2003 at risk of code execution was fixed. A specially designed webpage can take advantage of this issue, Microsoft said in the advisory.


By foxfyre

posted Jun 14, 2007 - 1:55 AM

yawn

Score: 0

By alexweber15

posted Jun 13, 2007 - 10:41 AM

props to MS for continuing to update its products and fix exploits and bugs. nobody expected vista to be flawless but as far as I'm concerned there's no point in updating to vista yet

Score: 0

By ZenWarrior

posted Jun 13, 2007 - 10:40 AM

Okay, where is Office 2007 on my system and how do I get rid of it entirely? It's hidden there somewhere b/c M$ update sees and patches it. However, I cannot seem to find it.

This happens on only one of my three systems. The other two never had an OEM install of the OS.

Score: 0

By hiyoag

posted Jun 13, 2007 - 1:21 PM

I saw the same thing on two of the machines in my office. Turns out two jokers installed the Office 2007 compatibility pack.

http://www.microsoft.com...1466&displaylang=en

Score: 0

By ZenWarrior

posted Jun 13, 2007 - 5:54 PM

Thanks, hiyoag.

The compatibility pack must have come preinstalled b/c I certainly never installed it and I'm the only person who uses the computer.

Again, your response is most appreciated.

Score: 0

By terminalx

posted Jun 13, 2007 - 10:10 AM

They did if you read the bulletins only 5 of them are for vista

Score: 0

By oubeaver

edited Jun 13, 2007 - 9:26 AM

I just can't stand people b****ing about the fact that Microsoft has to update their products on a monthly basis.

You all just don't get it.

They have the #1 operating system and office suite in the WORLD. Their products are under CONSTANT ATTACK from hackers and exploiters. Apple updates OSX and all Linux distros need updated regularly. But you don't hear people complaining about that. Oh yeah, it's because they have less than 10% of the market combined.

And another thing...if these updates somehow do something damaging to your computer (like the previous post) then IT IS YOUR COMPUTER'S FAULT. You definitely have spyware or viruses or both. CLEAN YOUR COMPUTERS PLEASE.

dumba**es.

Score: 0

By guru_v

edited Jun 13, 2007 - 9:57 AM

Perhaps the others don't get attacked because they don't make statements of near invincibility.
They [we] must have so much spaghetti code in XP and IE that it takes a roadmap to patch this stuff.
MS is getting to be more and more like the ATI of the 90's...we don't ever really fix something, just apply band-aids, while we work on something new, that you are forced into adopting, as support for all your time and money evaporates [remember the original Mach 8 drivers? In the end, support was dropped, and you got told that you needed to buy a Mach 32 card...that was the fix for your problems. Only it wasn't.]

Score: 0

By PC_Tool

posted Jun 13, 2007 - 4:27 PM

Perhaps the others don't get attacked because they don't make statements of near invincibility.

Give me a break. Both the Apple and linux camps have been making that claim for ages.

Score: 0

By eunichman

posted Jun 13, 2007 - 10:02 AM

whether #1 or #99999, when so many of the "attacks" are attacking the exact same thing, the remote code execution through com objects, you would think that the problem would be addressed at the root. I have been watching windows for YEARS of similar attacks. with vista we were "promised" all new code, a total re-write of windows (long overdue if you ask me, start from scratch and remake the wheel into something better than the same old wooden wheel with different layers of rubber added on over the top.

Score: 0

By grin2bear

edited Jun 13, 2007 - 7:15 AM

I have Win XP Home- I installed all relevant patches but to my dismay on re-booting I got an error message pertaining to Explorer. I re-booted several times to see if this message would disappear, but it never did. So I had to do a system restore, which promptly resolved this issue. I later downloaded the other patches pertaining to Office 2007, which appear to be OK. I don't think I shall be installing these XP critical patches anytime soon/ ever.

Score: 0

By cranbers

posted Jun 13, 2007 - 5:31 AM

I remember when microsoft was bragging that Vista would see the end of "patch tuesday" so much for that.

Score: 0

By frankwick

posted Jun 13, 2007 - 12:02 PM

I don't think MS ever made such a claim. I think Ballmer stated it may be one of the most, if not THE most, secure modern OS. But that did not imply there would never be patches. Where did you hear a claim that Vista would end patch Tuesdays????

Score: 0

By TomA102210

posted Jun 13, 2007 - 9:52 AM

"I remember when microsoft was bragging that Vista would see the end of "patch tuesday" so much for that."
-----------------------------------------------
That would be nice but I don't recall Microsoft saying that, personally.

Score: 0

By terminalx

posted Jun 12, 2007 - 10:19 PM

Didn't know where to put this but I found this application on tweak vista called 3d desktop manager that allows you to have 4 desktops up at one time in a cube formation kind of like beryl but not as many features but it's a small painless download and works nice.

http://www.tweakvista.com/Article39150.aspx

Score: 0

By zridling

posted Jun 12, 2007 - 9:51 PM

Maybe Microsoft should update its EULAs to include their right to infect and expose your system to daily attacks. If it's Microsoft, it's patch day (every day)!

Score: 0

By Tenoq

posted Jun 12, 2007 - 11:48 PM

It's already in there, zridling; although not in so many words. :p

But who actually reads the EULA?

Score: 0

By Paradise-FH-

posted Jun 12, 2007 - 10:07 PM

OMEG THTS SO FUNY! LOLZ

Score: 0

By Paradise-FH-

posted Jun 12, 2007 - 10:08 PM

sorry, i thought we were all talking like retards. turns out it was just you.

Score: 0

By phenomnaruto

posted Jun 12, 2007 - 8:59 PM

Microsoft is keeping up with this its "little to none" security issues with its new OS ... nice.

Score: 0

By Tenoq

posted Jun 12, 2007 - 11:49 PM

Maybe they figure if they don't announce patches, everyone will think the OS is better. ;)

Score: 0

By xyzcb1

posted Jun 13, 2007 - 11:24 AM

Yeap. Do it Apple style. Release updates instead of patches. Another advantage is able to charge users for it too.

Score: 0

By terminalx

posted Jun 13, 2007 - 8:11 AM

They do announce patches and has been repeatedly said over and over that no OS is perfect, ALL OSes receive patches, MS never claimed patch tuesday would be over.

/PS stop trolling, it makes you look stupid.

Score: 0

By id242

posted Jun 12, 2007 - 8:42 PM

Finally!!! Some links to the article's details for Betanews' technical-readers.

Thank you - It's very much appreciated!
Good job Ed Oswald

Score: 0

By Second Shadow

posted Jun 13, 2007 - 10:45 AM

I second that. I like to pick on you, Ed, for grammatical reasons, but this is a very good article.

Score: 0

By Program86

posted Jun 12, 2007 - 5:15 PM

Yada Yada Yada, same old same old.

Score: 0

By frankwick

posted Jun 12, 2007 - 7:34 PM

I bet the second Tuesday of next month, we'll see a similar story.

Score: 0

By Heero

posted Jun 12, 2007 - 7:45 PM

Ahahahaa...

Quote of the day. =)

Score: 0

By CarLox

posted Jun 12, 2007 - 6:55 PM

yada yada yada??? same as mac maybe?? lol but at least if you are up-to-date then you are fine lmao

Score: 0

By Paul Skinner

posted Jun 12, 2007 - 5:54 PM

It's meant to be informative rather than amazing news.

Score: 0

By dougggg

posted Jun 12, 2007 - 8:37 PM

I guess we better all get Safari.

oops what did the previous article say?

Score: 0

By CarLox

posted Jun 13, 2007 - 6:35 PM

hahahaha lmao, that its too buggy

Score: 0