Article

Microsoft to patch serious zero-day flaw, fix display driver bug

SearchSecurity.com Staff

Microsoft plans to fix an actively targeted zero-day flaw in its Web-based Help and Support Center and plug a display driver bug that could allow remote execution.

In its advance notification issued today, the software giant said it would issue four bulletins, three critical, repairing vulnerabilities in Windows and Microsoft Office.

    Requires Free Membership to View

The repairs are part of the software giant's regularly scheduled Patch Tuesday security bulletins, scheduled for release July 13.

Microsoft warned last week that it was detecting an increase in attacks targeting a vulnerability in Windows Help and Support Center, a Web-based feature that provides technical support to users. The flaw affects users of Windows XP and Windows Server 2003. The flaw was disclosed last month by Google engineer, Tavis Ormandy, a bug hunter known for finding kernel-level operating system coding errors. Not long after the disclosure, thousands of exploits surfaced attempting to target the vulnerability.

Microsoft security bulletins:
June - Microsoft emphasizes three critical updates on patch-heavy Tuesday During a Patch Tuesday full of almost a dozen bulletins and 34 vulnerabilities, Microsoft told customers to focus especially on three critical updates.

A security advisory was issued in May for a vulnerability in the Windows Canonical Display Driver, which handles graphics and DirectX drawing in games and other software programs. The flaw affects Windows 7 and Windows Server 2008 systems. Microsoft caused the threat posed by the vulnerability minimal. By exploiting the flaw, an attacker could cause a system to crash and restart.

In addition, three other vulnerabilities affecting Office 2003, and Office 2007 will be addressed by Microsoft. In addition, Microsoft warned that July marks the end of Microsoft support for the Windows 2000 and Windows XP SP2 platforms.

In June, Microsoft issued 10 security bulletins, addressing 34 vulnerabilities in Windows, Microsoft SharePoint, Internet Explorer (IE), Internet Information Services (IIS), and the .NET Framework,

~Robert Westervelt


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: