Microsoft patches nine vulnerabilities for August

Posted by Mark Raby

Redmond (WA) - Microsoft has released its monthly security bulletin, this time fixing six critical and three important vulnerabilities in Windows, Office, and other software.

All six of the critical updates patch problems that would allow for remote code execution.  One patch deals with a problem with Microsoft XML Core Services, which could be attacked if a Windows computer is exposed to a malicious website.  There are two other vulnerabilities that could be exploited via a malicious website, which could attack a user running Internet Explorer.

Another update fixes a problem with Visual Basic, where an attacker could gain remote access through a specific Web code that went after the user's Object Linking and Embedding (OLE).  This problem also affects the Office For Mac software suite.

Another Office-related vulnerability that was patched fixed a problem that could have been exploited if a user downloaded a malicious Excel file.  

The last critical update resolves a vulnerability in the Windows Graphics Rendering Engine, wherein an attacker could gain remote access by creating a specially crafted image as an e-mail attachment.

The three important updates include one for Windows Media Player running in a Windows operating system.  A vulnerability there could be exploited for attackers to gain remote access through a malicious WMP file.

Another important update is a Vista exclusive, which deals with the OS's "Gadgets".  A vulnerability allowed attackers to create malicious files in the RSS Feed, Contacts, and Weater gadgets, which could lead to remote code execution.

The final important update fixes a problem that made it possible for users on Microsoft Virtual Server or Virtual PC to gain elevated privilege levels.