Tuesday, January 17, 2017
Search
  
Submit your own News for
inclusion in our Site.
Click here...
Breaking News
Airbus Could Build A 'Flying Car' This Year
Intel Unveils New Intel Responsive Retail Platform, Announces $100 Million Investment Plan
Raspberry Compute Module 3 Launched
SpaceX Sends Satellites into Orbit
LG Touts Safety Features OF G6 Smartphone
Nintendo Switch Coming In March For $299
YouTube Super Chat Lets You Pay to Pin comments On Live Streams
Samsung Adds New Capabilities And Categories To Their Mobile Alliance Program
Active Discussions
Which of these DVD media are the best, most durable?
How to back up a PS2 DL game
Copy a protected DVD?
roxio issues with xp pro
Help make DVDInfoPro better with dvdinfomantis!!!
menu making
Optiarc AD-7260S review
cdrw trouble
 Home > News > General Computing > Microso...
Last 7 Days News : SU MO TU WE TH FR SA All News

Wednesday, June 13, 2007
Microsoft Patches Six Security Flaws


Microsoft released a series of security patches on Tuesday, including four which were rated critical, and three that affected Windows Vista.

The four critical updates cover vulnerabilities in the Windows Channel Security Package and in Win32 API that could allow remote code execution, a Security update for internet Explorer and an update for Outlook Express and Windows Mail.

Vulnerabilities in the Windows Channel Security Package

This critical security update resolves a privately reported vulnerability in the Secure Channel (Schannel) security package in Windows. The Schannel security package implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) Internet standard authentication protocols. This vulnerability could allow remote code execution if a user viewed a specially crafted Web page using an Internet Web browser or used an application that makes use of SSL/TLS. However, attempts to exploit this vulnerability would most likely result in the Internet Web browser or application exiting. The affected software could be Windows 2000, Windows XP and Windows 2003.

Vulnerability in Win32 API

This critical security update resolves a privately reported vulnerability in a Win32 API. This vulnerability could allow remote code execution or elevation of privilege if the affected API is used locally by a specially crafted application. Therefore, applications that use this component of the Win32 API could be used as a vector for this vulnerability. For example, Internet Explorer uses this Win32 API function when parsing specially crafted Web pages. The affected software could be Windows 2000, Windows XP and Windows 2003.

Cumulative Security Update for Internet Explorer

This critical security update resolves five privately reported vulnerabilities and one publicly disclosed vulnerability. All but one of these vulnerabilities could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. One vulnerability could allow spoofing, and also involves a specially crafted Web page. In all remote code execution cases, users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. For the spoofing case, exploitation requires user interaction. The affected software is IE 6 SP1, and IE7 running under Windows XP, Server 2003 or Vista operating systems.

Cumulative Security Update for Outlook Express and Windows Mail

This critical security update resolves two privately reported and two publicly disclosed vulnerabilities. One of these vulnerabilities could allow remote code execution if a user viewed a specially crafted e-mail using Windows Mail in Windows Vista. The other vulnerabilities could allow information disclosure if a user visits a specially crafted Web page using Internet Explorer and cannot be exploited directly in Outlook Express. For the information disclosure vulnerabilities, users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The affected software is Microsoft outlook Express 6 under Windows XP, and Server 2003. Vista owners should also install the update for Windows Mail.

Vulnerabilities in Microsoft Visio

This important security update resolves two privately discovered and responsibly reported vulnerabilities in addition to other security issues identified during the course of the investigation. The privately reported vulnerabilities could allow remote code execution if a user opened a specially crafted Visio file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. User interaction is required to exploit these vulnerabilities. The affected software is Microsoft Visio 2002 Service Pack 2 and Visio 2003 Service Pack 2.

Vulnerability in Windows Vista Could Allow Information Disclosure



This moderate security update resolves a privately reported vulnerability. This vulnerability could allow non-privileged users to access local user information data stores including administrative passwords contained within the registry and local file system.

For more information and downloads visit http://www.microsoft.com/technet/security/bulletin/ms07-jun.mspx.


Previous
Next
Fujifilm Introduces LabelFlash DVD Media to U.S. Market        All News        Google, Intel Launch Energy Efficiency Program
Google to Dump User Data After 18 Months     General Computing News      Flickr Goes International

Get RSS feed Easy Print E-Mail this Message

Related News
Microsoft, NXP Semiconductors, IAV and Auto Mobility Partners showcase Technologies For Safe And Personalized Automated Friving at CES 2017
Microsoft Partners with TomTom Mapping Company On Azure
European Commission Approves Acquisition of LinkedIn by Microsoft, Subject to Conditions
Microsoft Is Careful With New Chatbot Zo, Now Available For Testing
Microsoft Offers Grants to Organizations Working to Improve Affordable Internet Access
Microsoft Wants To Bring Something Different in The Smartphone Market
Microsoft's Solitaire Game Now Available On iOS And Android
Microsoft Joins The Linux Foundation, Google Embraces The .NET community
Microsoft Buys 237 Additional Megawatts of Wind Energy
Microsoft Introduces Chat-based Workspace in Office 365
Microsoft Identifies Russia-linked Hackers Exploiting Windows Flaw
Microsoft Researchers Reach Human Parity in Conversational Speech Recognition

Most Popular News
 
Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2017 - All rights reserved -
Privacy policy - Contact Us .