Monday, August 2, 2021

Many Critical Fixes From Microsoft

Microsoft’s monthly patch cycle was unusually large this month, with nine Security Bulletins addressing a total of 14 vulnerabilities. Eight of the fixes are listed as critical, the most important and severe issues. Four of the fixes are rated important and the final two are listed as moderate.

A particularly serious Bulletin is MS07-046, which addresses a remote code execution vulnerability in the Graphical Device Interface (GDI), which renders graphics and formats text. Since every application uses the GDI in one way or another, every Windows user is at risk for this exploit.

Another notable fix is MS07-048, which is rated as important. It addresses a number of vulnerabilities in Vista that could allow an anonymous remote attacker to run code with the privileges of Windows user.

What’s unique is the method of attack. The remote code execution could gain access to the computer through a malicious RSS feed in the Feed Headlines Gadget or by adding a malicious contacts file in the Contacts Gadget, or if a user clicked on a malicious link in the Weather Gadget.

Patch Tuesday for August is full of remote code execution fixes, such as MS07-042, a critical fix that prevents remote code execution from a specially crafted Web page that can attack Microsoft’s XML Core Services, while MS07-043 blocks malicious Web pages from attacking via the Object Linking and Embedding (OLE) layer in Windows.

Bulletin MS07-050, a critical fix, fixes a vulnerability in the Vector Markup Language (VML) used in Windows. The VML has seen its share of problems recently. Bulletin MS07-047 is an important fix for Windows Media Player.

This article was first published on InternetNews.com. To read the full article, click here.

Similar articles

Latest Articles

Data Belongs in the...

In 2012, IBM made an oft-quoted claim that 90 percent of the world's data has been created in the last two years. They grossly...

Google Cloud Rolling Out...

WASHINGTON, D.C. — Google Cloud is helping the government sector with zero trust. The set of services are designed to help U.S. federal, state, and...

CFOs Committing to Digital...

STAMFORD, Conn. — More CFOs are planning to increase their spending on digital than any other part of the business in 2021. Eighty-two percent of...

SAP and IBM Partnering...

WALLDORF, Germany and ARMONK, N.Y. — SAP and IBM are working together to help financial institutions accelerate cloud adoptions and “modernize operations.” SAP plans to...