14 DAY TRIAL // The monthly patch cycle is a Microsoft tradition designed to deliver a coherent rhythm to the release of security updates. Microsoft, unlike Apple, makes security patches available on a monthly basis in contrast to those on demand. The benefits of this system come from the fact that users can schedule and plan the deployment of security updates from one month to another. This detail can especially be leveraged by corporate users. But there are also downsides according to Microsoft's scheduled security bulletins. In this context, exploits and attacks have come to traditionally follow hot on the heels of the patches released by the Redmond Company.
Although security updates are already available, there is still a window of attack until they are deployed. Attackers will speculate this and launch exploits in search of vulnerable machines before the updates have had a chance to be installed. The June 2007 updates are no exception to this rule. In fact, on June 12, the day Microsoft released six security updates addressing a total of 15 vulnerabilities, Ben Greenbaum, Symantec Security Researcher forecasted that exploits targeting the Schannel Security Package in various Windows editions, with the exception of Windows Vista, will come after the patch. "The Microsoft Windows Schannel Security Package is used to provide 128-bit strong encryption in Internet Explorer. An attacker can exploit a vulnerability in this package by enticing a victim into visiting a malicious web page. This vulnerability occurs during the processing and validation of server-sent digital signatures by the client application. Expect to see exploits for this added to the currently available browser attack toolkits in the near future," Greenbaum said.
Proof-of-Concept code for the Schannel Security Package vulnerability was made public placing Windows users at increased risk unless they patch immediately. But this is not the sole example. The Speech Control Memory Corruption flaw residing in Internet Explorer also has exploit code published.