blob: 923ac3170d0ad02ad61a50782168e3718b5aed93 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
|
Yesterday was Microsoft's patch Tuesday and the company issued a number of security updates for both Windows Vista and XP users. June's release contains 6 new bulletins, 4 of which are listed as critical.
Together [the six patches][1] fix fifteen vulnerabilities found in a variety of Windows programs including Internet Explorer, Outlook Express, Windows Mail and Windows Vista.
While previous patches have been issued for Vista, yesterday's release marks the first time Microsoft has had to patch a flaw introduced by code in Vista. Pervious Vista patches applied to problems with legacy code. The [MS07-032 update][2] applies to Vista systems only and addresses a vulnerability in setting Access Control Lists, which could allow "information disclosure," as the Microsoft advisory puts it.
Perhaps the most serious flaw in June's batch of patches is a fix for a critical flaw in the SSL libraries used by Windows, which can be exploited via IE. The SSL vulnerability also affect non-Microsoft browsers like Firefox and Opera which call the SSL libraries included in the OS.
To update your system turn on the automatic update feature or head to the Microsoft Update site and downloading the patches by hand.
[1]: http://blogs.technet.com/msrc/archive/2007/06/12/june-2007-monthly-security-bulletin-release.aspx "June 2007 Monthly Security Bulletin Release"
[2]: http://www.microsoft.com/technet/security/Bulletin/MS07-032.mspx "Vulnerability in Windows Vista Could Allow Information Disclosure"
|
