Menu
Microsoft releases seven security patches

Microsoft releases seven security patches

As part of its monthly roundup of security patches for July, Microsoft has released seven bulletins detailing fixes for vulnerabilities in a wide range of its products.

Five of the bulletins address critical vulnerabilities, while two provide fixes for less severe flaws. Among the critical flaws disclosed are two that exist on the server side.

One in the Windows Server Service could allow hackers to remotely execute code on compromised systems. The other critical server flaw involves the Window Dynamic Host Configuration Protocol Client Service. It, too, could result in remote code execution, according to Microsoft.

"DHCP is a communication protocol that allows administrators to centrally manage and automate the assignment of Internet Protocol (IP) addresses in an organisation's network," security vendor, Symantec, said in an advisory after the updates were announced.

"Therefore, one compromised system could affect others connected to it on the same physical network," the advisory said, adding that users of Windows 2000, Windows XP and Windows Server 2003 might be affected by the flaw.

Meanwhile, the updates for client-side vulnerabilities included one that addresses several vulnerabilities in Microsoft Excel and another that fixes two flaws in Microsoft Office. The third critical client-side update details fixes for two holes in Microsoft Office Filter that could allow attackers to remote-compromise vulnerable systems.

Easily the most serious of the flaws disclosed was the one affecting the Server Service, director of vulnerability research at nCircle Network Security, Mike Murray, said. The service basically allows computers to communicate with each other.

The flaw allowed attackers to potentially send malformed communications over Ports 455 or 139 and let them take complete control of vulnerable systems, he said.

The DHCP flaw was also serious, but required the attacker to be on the same network as the vulnerable system, Murray said.

Meanwhile, the updates provide another indication of growing client-side security threats, manager of vulnerability management at Qualys, Amol Sarwate, said.

"This trend of client side vulnerabilities - where attackers are creating malformed image files or Excel files that are sent to users via email or hosted on websites - has been increasing since the beginning of this year," he said.

Over the past month, Microsoft has investigated a number of issues related to Excel and Office, following reports that hackers had launched a targeted attack against an unnamed government contractor by taking advantage of a bug in the Excel spreadsheet software.

The seven patches will keep administrators busy, although not so busy as in June. Last month, Microsoft released 12 security updates.

Robert McMillan, of the IDG News Service, contributed to this report.


Follow Us

Join the newsletter!

Error: Please check your email address.
Show Comments