Microsoft Releases 15 Security Patches
Patch Tuesday brought us several major security patches.
“Microsoft released six updates to address various issues across its products on Tuesday, including four which were rated critical, and three that affected Windows Vista. The first is an important fix that addresses two issues within Microsoft’s Visio product. The first is a remote code execution vulnerability in how the product handles a specially-crafted version number within a Visio file. The other revolves around an issue in how Visio handles parsing of packed objects. In either case, a user would have to open an attachment from an e-mail or visit a specially crafted website, the advisory states. Next comes a critical fix for issues within the Schannel security package which enables the SSL and TLS authentication protocols. Microsoft says that Windows 2000, XP and Server 2003 all have issues with how the OS validates server-sent digital signatures. Vista is the target of a flaw rated “moderate,” that could lead to information disclosure. According to the Microsoft advisory, non-privileged users could access local user information including administrative passwords which could then be used to gain complete access to the system.”