14 DAY TRIAL // Seven new security bulletins from Microsoft have addressed no less than 18 vulnerabilities as a part of the company's monthly updates for July. Out of the vulnerabilities flawing Microsoft's products, five were deemed critical by the Redmond Company while just two were considered to be of a less severe level of important.
Critical: vulnerability in Server Service (917159); vulnerability in DHCP Client Service (914388); vulnerabilities in Microsoft Excel (917285); vulnerabilities in Microsoft Office Filters (915384)
Important: vulnerability in ASP.NET Could Allow Information Disclosure (917283); vulnerability in Microsoft Internet Information Services using Active Server Pages Could Allow Remote Code Execution (917537); windows Malicious Software Removal Tool; Update for Outlook 2003 Junk Email Filter (KB919031)
Even the server side of Microsoft's products was affected by vulnerabilities. According to the Redmond Company both vulnerabilities could permit the exploitation of compromised systems via remote code execution. The two critical server flaws lay in the Windows Server Service and in the Window Dynamic Host Configuration Protocol Client Service and they are believed to affect Windows 2000, Windows XP and Windows Server 2003.
"DHCP is a communication protocol that allows administrators to centrally manage and automate the assignment of Internet Protocol (IP) addresses in an organization's network," security vendor Symantec Corp. said in an advisory. Therefore, one compromised system could affect other systems connected to it on the same physical network."
Excel takes the apex patches of the update package as it has collected a wide range of vulnerabilities the past month, followed by Office, but among the two they account for no less than 13 security holes.
With this new issued security updates, Microsoft has plugged 39 holes in its applications in the past two months. This is a negative record by any means enhancing speculations that the Redmond Company's future products, from Vista to Antigen, will be equally plagued by vulnerabilities, especially those that allow for remote code executions as it seems that they are once again in the spotlight.
"Remotely exploitable vulnerabilities can pose a serious threat to organizations because they do not require user interaction and can be attacked from across the Internet," Dave Cole, director of Symantec Security Response.