Patches

Aug 15, 2007 07:11 GMT

Microsoft has gone all out with a large batch of security patches for a variety of its products as an integral part of the updates released on the company's monthly patch cycle. No fewer than nine security bulletins went live on August 14, six of them labeled with the maximum severity rating of Critical. The bulletins are designed to patch a total of 14 security holes in the Office suites, all the supported editions of the Windows operating system, the company's virtualization offerings and Internet Explorer. Considering the sheer volume of security updates, August is comparable only with the patch release of February 2007.

"This month Microsoft has released nine security bulletins. All of these vulnerabilities could let an attacker execute arbitrary code on an affected computer. All of the issues are also classified as 'client-side vulnerabilities', meaning that they require some interaction on the part of the user for exploitation to occur. This will usually entail visiting a malicious Web page or opening a malicious file that is sent through email or other means," revealed David McKinney, Symantec Security Researcher.

"The August release contains 9 new bulletins, 6 of which have maximum severities of 'Critical'. Additionally we are re-releasing one bulletin: MS07-038 - Vulnerability in Windows Vista Firewall Could Allow Information Disclosure (935807) - This is a detection-only change, to address the situation where a missing Firewall Logging Directory would cause the update installation to fail. There's no change to the update binaries, so if you have already successfully installed this update, you do not need to reinstall it," stated a member of the Microsoft Security Response Center.

One important detail that has to be mentioned is that none of the vulnerabilities has been exploited in the wild. All the security flaws have either been privately disclosed to Microsoft or have been identified in the course of the company's investigations. But even though no exploits are currently targeting this collection of vulnerabilities, users should patch their software immediately. There is always the possibility that attackers could reverse engineer the security patches, even with the scarce information Microsoft is delivering, and come up with valid exploits. Below is a complete list of the security patches available from Microsoft if you want to download them manually. Alternatively, you can get the updates via Windows Update.

- Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution
- Vulnerability in OLE Automation Could Allow Remote Code Execution
- Vulnerability in Microsoft Excel Could Allow Remote Code Execution
- Cumulative Security Update for Internet Explorer
- Vulnerability in GDI Could Allow Remote Code Execution
- Vulnerabilities in Windows Media Player Could Allow Remote Code Execution
- Vulnerabilities in Windows Gadgets Could Allow Remote Code Execution
- Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege
- Vulnerability in Vector Markup Language Could Allow Remote Code Execution