05:16:49 pm on February 14, 2007
It’s that time again–time to get your patches on, and to do so quickly. Microsoft yesterday hosted the biggest Patch Tuesday event of the young year when it posted 12 security fixes for 20 security flaws in its products. Seven of the patches addressed zero-day flaws that have been used to launch attacks across the Internet in recent weeks, and there was even a patch fixing Microsoft’s security tools, which could have automatically triggered the exploit with no interaction from the user.
We’ll start with the six critical patches. Microsoft Security Bulletin MS07-008 fixes the critical HTML Help ActiveX Control vulnerability that could enable a hacker to take total control over a computer running Windows 2000 Service Pack 4 (SP4), all 32-bit and 64-bit versions of Windows XP and XP SP2, and all versions of Windows Server 2003. Microsoft says this was a newly disclosed, privately reported vulnerability, and that it’s not aware of any current Web attacks exploiting the flaw, which Microsoft credits Breakingpoint Systems with helping to track down.
Microsoft Security Bulletin MS07-009 fixes the critical and previously disclosed Windows MDAC ActiveX Vulnerability. This is a potentially nasty remote-execution vulnerability that affects select products, including Windows 2000 SP4, Windows XP SP2, Windows Server 2003, and the Itanium version of Windows Server 2003 (but not Windows Server 2003 SP1 or any of the X64 versions of Windows). The French Security Incident Response Team first spotted the flaw, Microsoft says.