Microsoft Remedies 14 Flaws in Nine Patches
Microsoft fixed a total of 14 flaws across 9 patches on Tuesday, with six of those patches reaching critical status. While the number of patches is far from the Redmond company's record, this month could prove difficult for administrators.
"This month's Patch Tuesday has headache written all over it," PatchLink's Paul Zimski commented. "Although this is not Microsoft's biggest Patch Tuesday in terms of number of patches, the details of the patches indicate a broad-spectrum of exposure."
Of the critical patches, all deal with remote code execution issues. The first patch fixes issues within the XML Core Services of Windows, while another corrects a memory corruption issue within the Object Linking and Embedding function in Windows, Visual Basic, and Office for Mac.
A third critical patch fixes a workspace memory corruption flaw within Excel, and issues in how the Graphics Rendering Engines handles specially crafted images have also been remedied.
Two critical patches for Internet Explorer were also released; one that fixes a buffer overrun vulnerability within Vector Markup Language, as well as a cumulative patch that contains three separate fixes for two ActiveX Object problems and a CSS memory corruption issue.
Three important patches are available as well: two for remote code execution issues and one that involves elevation of privilege. In addition, a fix for Windows Media player repairs two separate issues with the parsing and decompressing of skins used to change the look of the player.
Also fixed was an issue within Windows Vista concerning the "gadgets" feature. Microsoft says that malicious files could open the operating system up to remote code execution. Finally, a flaw in Virtual PC and Virtual Server that could result in elevation of privilege was also remedied.
"Organizations need to remediate these vulnerabilities as quickly as possible to avoid falling victim to quick turnaround exploits," Zimski said.