Redmond (WA) - Microsoft has released its monthly security bulletin, this time fixing six critical and three important vulnerabilities in Windows, Office, and other software.

All six of the critical updates patch problems that would allow for remote code execution.  One patch deals with a problem with Microsoft XML Core Services, which could be attacked if a Windows computer is exposed to a malicious website.  There are two other vulnerabilities that could be exploited via a malicious website, which could attack a user running Internet Explorer.

Another update fixes a problem with Visual Basic, where an attacker could gain remote access through a specific Web code that went after the user's Object Linking and Embedding (OLE).  This problem also affects the Office For Mac software suite.

Another Office-related vulnerability that was patched fixed a problem that could have been exploited if a user downloaded a malicious Excel file.  

The last critical update resolves a vulnerability in the Windows Graphics Rendering Engine, wherein an attacker could gain remote access by creating a specially crafted image as an e-mail attachment.

The three important updates include one for Windows Media Player running in a Windows operating system.  A vulnerability there could be exploited for attackers to gain remote access through a malicious WMP file.

Another important update is a Vista exclusive, which deals with the OS's "Gadgets".  A vulnerability allowed attackers to create malicious files in the RSS Feed, Contacts, and Weater gadgets, which could lead to remote code execution.

The final important update fixes a problem that made it possible for users on Microsoft Virtual Server or Virtual PC to gain elevated privilege levels.

Main Windows flaw

Aug 15, 2007 13:26     

I think the main problem stems from Windows letting any program control anything on the computer. Why would you design a OS where an Excel file could cause the computer to be taken over, seriously why would any OS allow that to be a possibility? The most that should happen is that Excel could be taken over, not the whole computer.
Nick report abuse vote down vote up Votes: +0