IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Microsoft highlights critical flaws with patch update

Microsoft's monthly patch release cycle is upon us again, bringing with it a series of critical patches that prevent malicious code hijacking Windows and Internet Explorer

Software giant Microsoft has released a total of six security bulletins this month, with four of them residing in the 'critical' category.

The first critical update (MS07-031) involves the Windows implementation of the Secure Sockets Layer (SSL) and Transport Layer Security (TSL) internet authentication protocols. It resolves a privately reported vulnerability in the Secure Channel (Schannel) security package in Windows.

In the worst case, the vulnerability could allow the remote execution of code, and it is believed it could form the basis of denial-of-service attacks.

The second critical fix is a cumulative update (MS07-033) for Internet Explorer (all supported versions).

Again, all five vulnerabilities could allow remote code execution if a user visited a specially crafted web page. According to Microsoft, this update modifies IE's handling of calls, error conditions, and special features, such as Language Pack Installation and Speech Control.

Outlook Express and Windows Mail are affected by bulletin MS07-034 - a specially crafted email could exploit a critical vulnerability in Windows Vista, again allowing remote code execution.

In response, Microsoft has updated the MHTML protocol handler in Windows so that it handles URLs more securely when redirections are involved. For Windows XP, however, the vulnerability is only rated as Important or Moderate. Users are advised to check the bulletin for exact details of the affected Windows XP software.

Finally, the last critical security update (MS07-035) resolves a privately reported vulnerability in a Win32 API function.

In addition to the remote execution of code this vulnerability allows elevation of user privilege. Internet Explorer is among the apps that use this particular function and is vulnerable to attack through a suitably crafted web page.

Featured Resources

The state of Salesforce: Future of business

Three articles that look forward into the changing state of Salesforce and the future of business

Free Download

The mighty struggle to migrate SAP to the cloud may be over

A simplified and unified approach to delivering Enterprise Transformation in the cloud

Free Download

The business value of the transformative mainframe

Modernising on the mainframe

Free Download

The Total Economic Impact™ Of IBM FlashSystem

Cost savings and business benefits enabled by FlashSystem

Free Download

Most Popular

Cyber attack on software supplier causes "major outage" across the NHS
cyber attacks

Cyber attack on software supplier causes "major outage" across the NHS

8 Aug 2022
Why convenience is the biggest threat to your security
Sponsored

Why convenience is the biggest threat to your security

8 Aug 2022
Electrical explosion reported at Google's Iowa data centre
data centres

Electrical explosion reported at Google's Iowa data centre

9 Aug 2022