By Joris Evers
Posted on ZDNet News: Dec 12, 2006 8:37:00 PM

Microsoft on Tuesday released seven security updates with patches for 11 security vulnerabilities, most of which affect the Windows operating system.

The software maker originally planned to release only six security bulletins as part of its monthly patch cycle. However, it added a seventh to deliver a fix for two flaws that affect the Windows Media Format, including one zero-day bug, a company representative said in a statement.

Microsoft also provided a patch for a zero-day vulnerability that affects Visual Studio 2005 developer tools. This security hole was disclosed last month and, unlike the Windows Media issue, has already been used in cyberattacks, the company said.

However, there were no fixes Tuesday for a pair of known flaws in Microsoft Word that are also being exploited in malicious software.

"While we see Microsoft making an attempt to patch zero-day vulnerabilities, they are still struggling to keep up with the continuous influx of zero-day attacks," said Amol Sarwate, a research manager at vulnerability management company Qualys. "Microsoft is making a genuine effort. However, users are still exposed to attacks via the unpatched Word vulnerabilities."

Particulars of patches
The Windows Media issues are addressed in bulletin MS06-078, one of three "critical" security updates published by Microsoft on this "Patch Tuesday." The other high-risk vulnerabilities lie in Internet Explorer and in Visual Studio 2005.

Somebody could exploit the Windows Media flaws by tricking a user into opening a rigged media file or stream, Microsoft said. "An attacker who successfully exploited this vulnerability could take complete control of an affected system," it said.

Four vulnerabilities in Internet Explorer expose Windows PCs to a similar risk. Somebody could exploit the holes in the Web browser by creating a malicious Web site, Microsoft said. None of the IE flaws had been previously disclosed, it said.

Deemed less serious by Microsoft are problems that affect the Windows Simple Network Management Protocol service, the Windows Client-Server Run-time Subsystem and the Windows Remote Installation Services, the company said. These were all rated "important"--one notch less serious than Microsoft's highest rating of "critical."

A vulnerability in the Outlook Express mail client was also tagged as "important."

Though Microsoft rates the SNMP flaw "important," it should still be considered very serious for business users, said Gunter Ollmann, director of IBM Internet Security Systems' X-Force unit.

"Although SNMP is not a default service, it is the de facto standard for monitoring critical business assets," Ollmann said in an e-mailed statement. "Because SNMP uses user datagram protocol, which doesn't require a handshake, internal attackers can spoof an identity and gain complete control of the network."

Microsoft offers a summary of its patches on its Web site. The fixes will be delivered via Automatic Updates in Windows and are available on Microsoft's Web site.
