News

7 Fixes for Final Patch Tuesday of 2007

Microsoft's last Patch Tuesday release of 2007 is a big one -- seven fixes, with three of them deemed "Critical" and four labeled "Important."

Microsoft's last Patch Tuesday release of 2007 is a big one -- seven fixes, with three of them deemed "Critical" and four labeled "Important."

The three critical bulletins all address vulnerabilities related to remote code execution (RCE), a reccuring patch theme for Microsoft throughout this year.

The first critical patch will mainly affect all versions of Direct X, essentially a cluster of application programming interfaces (APIs) used to run multimedia functions in Windows Media Player and video game platforms.

The second Critical item complements the first patch in that it would keep RCE exploits at bay in all versions of Media Format Runtime on every modern version of Windows server and desktop OSes, including XP and Vista.

The last Critical fix would in theory mitigate the risks RCE exploits pose in all versions Internet Explorer (IE), though certain versions of IE 6 and 7 are listed in Redmond's advanced bulletin as only having moderate ratings, despite the critical designation.

Although there's no indication if this patch is a direct follow-up to a security advisory Microsoft released Monday, it's clear that security holes in IE will continue to be a concern for the software giant.

Meanwhile, all four Important fixes are confined to XP and Vista. Half deal with RCE concerns and the other half with elevation of privilege at the OS level where a hacker can modify, upgrade or increase entry and command parameters on the system with the potential to become a "superuser."

The first Important patch affects Vista and Vista x64 versions and also addresses RCE concerns, while the second affects Windows Server 2000 SP 4 and XP SP3.

The third Important tweak would stop elevation of privilege execution, in all versions of Vista. The last one patches up holes that could allow for local or client side elevation of privilege in all versions of XP, and every iteration of Windows Server 2003 except the Itanium versions.

Five of the seven patches will require a restart; the remaining two may require restarts in "certain situations," according to Microsoft.

Microsoft also plans to release six non-security, high-priority updates on Microsoft Update and one non-security, high-priority update for Windows on Windows Update.

The patch count as well as the nature of each patch is still subject to change, but if the advance bulletin is any indication, IT pros will have a snowstorm of issues to consider in what looks to be a pretty busy Tuesday ahead of the Christmas break.

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.

Featured

  • Broadcom Revamps VMware Partner Program Again

    Broadcom recently announced a significant update regarding its VMware Cloud Service Provider (VCSP) program, coinciding with the release of VMware Cloud Foundation (VCF) 9.0, a key component in Broadcom’s private cloud strategy.

  • Closeup of the new Copilot keyboard key

    Microsoft Updates Copilot To Add Context-Sensitive Agents to Teams, SharePoint

    Microsoft has rolled out a new public preview for collaborative "always on" agents in Microsoft 365 Copilot, bringing enhanced, context-aware tools into Teams channels, meetings, SharePoint sites, Planner workstreams and Viva Engage communities.

  • Windows 365 Cloud Apps Now Available for Public Preview

    Microsoft announced this week that Windows 365 Cloud Apps are now available for public preview. This aims to allow IT administrators to stream individual Windows applications from the cloud, removing the need to assign Cloud PCs to every user.

  • Report: Security Initiatives Can't Keep Pace with Cloud, AI Boom

    The increasingly fast adoption of hybrid, multicloud, and AI systems is easily outgrowing existing security measures, according to a recent global survey by the Cloud Security Alliance (CSA) and exposure management firm Tenable.