Microsoft Patch Tuesday: Fifteen down
Microsoft released nine security bulletins on Tuesday, August 14 that resolve fifteen security vulnerabilities in its products. Six of the security bulletins deal with ten security vulnerabilities that are considered to be critical.
A buffer overrun in the vgx.dll library could occur when rendering Vector Markup Language (VML) in Internet Explorer 5, 6 and 7 running under all the operating systems from Windows 2000 to Windows Vista. These critical vulnerabilities could allow an anonymous remote attacker to execute code remotely using specially crafted Web pages. The update to security bulletin MS07-050 resolves this problem.
In addition, a cumulative security update for Internet Explorer (MS07-045) resolves three security vulnerabilities. Two of them affect COM objects, which are not intended to be used in the browser, as well as one ActiveX control, which could affect the system status in a way that allows remote code to be executed. The vulnerabilities are rated critical for supported releases of Internet Explorer 5 and 6 and editions of Windows 2000 and Windows XP. The vulnerability for other supported operating systems, such as Windows Server 2003 is rated moderate, because ActiveX is not activated on a system by default. In Internet Explorer 7 on Vista and XP the security update is rated Important. Microsoft has resolved the problem by setting kill bits for the affected Active X controls, tblinf32.dll, vstlbinf.dll and pdwizard.ocx. The update also addresses a third vulnerability by modifying the way that Internet Explorer handles certain strings in Cascading Style Sheets (CSS), which could disrupt the memory management in Internet Explorer 5 under Windows 2000 and allow remote code execution.
Attackers could exploit a vulnerability in the XML Core Services 3, 4 and 6 for all supported editions of Windows 2000, Windows XP, Windows Vista, Microsoft Office 2003, and 2007 Microsoft Office System as well as in the XML Core Services 5 for Office 2003, Office 2007, the Office Sharepoint Server and the Office Groove Server 2007 to gain complete control of the system (MS07-042). Specially crafted script queries executed using Internet Explorer or HTML emails could disrupt memory management and allow remote code execution. The vulnerability is rated critical for all operating systems except Windows Server 2003.
Once again a remote code execution vulnerability exists in the Graphics Rendering Engine in the way that it handles specially crafted images. An attacker could exploit the vulnerability by sending such an image by email to execute his code from the attachment. The vulnerability, which is described in Security Bulletin MS07-046, affects Windows 2000, Windows XP and Windows Server 2003. Vista systems are not affected.
Another update resolves a vulnerability that could allow remote code execution if a user opens a specially crafted Excel file (MS07-044). This is a critical security update for supported editions of Microsoft Office 2000. For supported editions of Microsoft Office XP, Microsoft Office 2003, Microsoft Office 2004 for Mac and the Excel Viewer 2003, this update is rated important. Security Bulletin MS07-043 resolves a critical vulnerability in Object Linking and Embedding (OLE) automation in Windows 2000, Windows XP, Office 2004 for Mac and Visual Basic 6, which could allow remote code execution if a user viewed a specially crafted Web page. Vista is not affected by the vulnerability.
Microsoft has also resolved two important vulnerabilities in all versions of Windows Media Player for all supported operating systems. These vulnerabilities occur when executing or decompressing specially crafted files (such as skins). The security update described in Security Bulletin MS07-047 resolves the vulnerability. Security Bulletin MS07-048 describes another security vulnerability in Vista Gadgets that is rated important. If a user subscribed to a malicious RSS feed in the Feed Headlines Gadget or added a malicious contacts file in the Contacts Gadget or a user clicked on a malicious link in the Weather Gadget an attacker could potentially run code on the system.
The vulnerabilities in Microsoft Virtual PC 2004, Office 2004 SP1, Virtual PC for Mac 6.1 and 7 as well as in Virtual Server 2005 and Virtual Server 2005 R2 could allow an administrative user in a guest operating system to run code on the host or another guest operating system. Security Bulletin MS07-049 explains that the vulnerability of a buffer overrun on the heap can be traced back to defective interaction and initialization of components in Virtual PC that communicate with the host operating system.
As in previous months, Microsoft has also released an updated version of its Malicious Software Removal Tool (MSRT), which checks computers for infections by specific, prevalent malicious software and helps remove any infection found. Microsoft resolved numerous as yet unknown security vulnerabilities on August's Patch Tuesday, but the known security vulnerability in the ActiveX control supplied with Microsoft Office 2003, Office Data Source Control 11, which it had been aware of for two months now has not yet been resolved.
Since exploits for the resolved vulnerabilities frequently surface shortly after Patch Tuesday, users should install the updates as soon as possible.
- Microsoft Security Bulletin Summary for August 2007, Overview by Microsoft
- Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (936227)
- Vulnerability in OLE Automation Could Allow Remote Code Execution (921503)
- Vulnerability in Microsoft Excel Could Allow Remote Code Execution (940965)
- Cumulative Security Update for Internet Explorer (937143)
- Vulnerability in GDI Could Allow Remote Code Execution (938829)
- Vulnerabilities in Windows Media Player Could Allow Remote Code Execution (936782)
- Vulnerabilities in Windows Gadgets Could Allow Remote Code Execution (938123)
- Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege (937986)
- Vulnerability in Vector Markup Language Could Allow Remote Code Execution (938127)