Three critical Windows updates from Patch Tuesday
By Miya Knights
Microsoft has released seven patches that address a total of 11 vulnerabilities - two critical for Windows and one for Internet Explorer that is being actively exploited - as part of its December patch bulletin for 2007.
Alan Bentley, regional vice president of Lumension Security (formerly PatchLink) said: "This December Patch Tuesday will be no holiday for IT administrators. Following a light November, organisations need to get to grips with seven patches this month."
Critical patch MS07-069 affects versions 5.01, 6.0 and 7.0 of Internet Explorer (IE) and version 7.0 in Vista, and addresses a flaw that could allow remote code execution when a user views a malicious webpage.
Microsoft said it knew of hackers already exploiting this flaw and that users whose accounts are configured to have fewer rights could be less impacted than those who operate with administrative user rights.
Bentley said administrators must pay particular attention to MS07-069 because it affects the entire IE user community. "The patch addresses how IE frees up used memory and offers hackers control of PCs," he said. "It is vital that organisations deploy this patch as quickly as possible because it affects a larger number of users than is typical."
The other two critical patches for Windows - MS07-064 and MS07-068 - address flaws that can allow a hacker to remotely execute code on the compromised PC. MS07-064 tackles vulnerabilities in Microsoft's runtime environment, DirectX, that can allow the hacker to install malicious programs as well as view, change, or delete data and create new accounts with full user rights.
"MS07-068 could prove particularly troublesome for Windows Media users, as just by clicking on a seemingly harmless video a user could hand over control of their PC to a hacker," said Bentley. "Unfortunately, Christmas is the time of year that people wind down and share videos with their family and friends. Users must immediately apply this patch to avoid falling foul of this vulnerability."
Rated 'important,' bulletin MS07-063 was singled out because it addresses a vulnerability in new security code that debuted in Vista. The packet signing technology in Server Message Block Version 2 (SMBv2), which allows two Vista machines to securely talk to one another, ensures that the system is only receiving packets from an authorised participant in the conversation. But the flaw allows an attacker to spoof packets in order to remotely execute code.
The other important patches include MS07-065, which addresses a flaw that could allow an attacker to remotely execute code in Microsoft Windows or raise privileges in Windows XP.
MS07-066 addresses a flaw in the Windows kernel that could enable a hacker to take control of a Windows system, including installing programs, viewing, changing or deleting data and even creating new accounts that have full privileges.
And MS07-067 addresses a Macrovision driver vulnerability that again could allow a hacker to gain complete system control.