Expected patch omitted from monthly security update.
Microsoft has announced the contents of its monthly ‘Patch Tuesday’ security update release, with four ‘Critical’ and two ‘Important’ fixes pushed out to users of its operating systems and software. A fifth issue, labelled ‘Critical’ in the advance notification released last week, remains open as the expected patch has been held back to resolve issues discovered during final testing.
The critical patches cover single vulnerabilities in Word, Outlook Express/Windows Mail and Kodak Image Viewer, as well as four separate problems found in Internet Explorer, one of which had been publicly disclosed as long ago as February. All could allow an attacker to execute code remotely on vulnerable systems. The less crucial fixes are for a possible denial-of-service vulnerability in the RPC system and a privilege escalation issue in SharePoint.
Little detail has been released regarding the missing patch, except that it was withdrawn following a ‘quality control issue’. It seems likely that it will be kept back until next month’s Patch Tuesday. Of the vulnerabilities that have been fixed, at least two, the flaws in Word and SharePoint, have had exploits made public or used in targeted attacks, according to SANS.
The full security bulletin detailing all the patches is here, with a Microsoft Security Response Center blog entry describing the changes to the scheduled release here.
Posted on 10 October 2007 by Virus Bulletin