Australian IT JOBS : Sydney IT jobs, UNIX jobs, Linux jobs, Java jobs, ASP jobs Linux.conf.au Linux.conf.au
Technology news and Jobs arrow Information Technology News arrow December Patch Tuesday: 3 bulletins critical, 4 important
December Patch Tuesday: 3 bulletins critical, 4 important PDF Print E-mail
Written by Stephen Withers   
Wednesday, 12 December 2007
Microsoft's security bulletins for December affect all currently supported versions of Windows.
This month's critical vulnerabilities were found in DirectX, Windows Media Format Runtime, and Internet Explorer. All three have the potential to allow remote code execution.

The DirectX issue is a longstanding one, affecting all currently supported versions of Windows (from 2000 to Vista) and versions 7.0, 8.1, 9.0c and 10.0 of DirectX itself. A maliciously crafted streaming media file can trigger the execution of code delivered within the media. It appears to be related to a DirectShow vulnerability that was patched in 2005.

The Windows Media vulnerability also involves code execution triggered by a maliciously crafted file.

The Internet Explorer update patches four vulnerabilities, the most serious of which allows remote code execution when visiting a maliciously crafted web page.

The effects of all the above issues is reduced if the user does not have administrative rights.

THe remaining vulnerabilities addressed this month all have a maximum rating of Important.

Vista's gets an updated kernel to overcome a privilege escalation vulnerability plus a patch for SMBv2 to block a remote code execution issue. Windows 2000 and XP get a fix for a vulnerability in the Message Queueing Service.

Finally, the previously disclosed Macrovision SECDRV.SYS vulnerability allowing privilege escalation under XP and Server 2003 has been fixed.

The usual updates for the Malicious Software Removal Tool and the Windows Mail Junk E-mail Filter were also issued.

Non-security items released include an XP patch that improves the performance of web sites using AJAX, a Daylight Saving Time update, and bug fixes for Windows Live Writer.

Tags See All Tags


Software  Stephen Withers  Support and maintenance  Vista  Windows  browsers  microsoft  security 

Get stories like this delivered daily - FREE - subscribe now
When you subscribe get a 12 months license for LiveProject
Valued at $99 USD


LiveWire - Desktop alerts Download the FREE iTWire desktop alert widget LiveWire - Desktop alerts


Del.icio.us!
 
< Prev   Next >

Latest jobs

JobsWire Technology Jobs in Melbourne
Active Directory  Apache  Software Architect  C#  C++  Cisco  Citrix   Cognos  Coldfusion  CRM  Crystal Reports  Software Development  ERP  HTML  IBM  IT Infrastructure  ITIL  J2EE  Java  LAN/WAN  Linux  Lotus Notes  MS Project  .NET  Oracle  SDLC  SQL  IT Support  IT Training  UAT  UML  Unix  XML
  JobWire - IT Jobs
Contact , Register , Advertise with iTWire , Links , Register , About iTWire , Feedback , Post your jobs , Events , iTWire site map , Start Blogging
Industry Releases , Submit your release now , Start submitting to iTWire , How to post video