Microsoft to patch serious zero-day flaw, fix display driver bug

Microsoft plans to release four bulletins, next week, repairing an actively targeted Help and Support Center zero-day vulnerability in Windows XP and a display driver error.

Microsoft plans to fix an actively targeted zero-day flaw in its Web-based Help and Support Center and plug a display driver bug that could allow remote execution.

In its advance notification issued today, the software giant said it would issue four bulletins, three critical, repairing vulnerabilities in Windows and Microsoft Office. The repairs are part of the software giant's regularly scheduled Patch Tuesday security bulletins, scheduled for release July 13.

Microsoft warned last week that it was detecting an increase in attacks targeting a vulnerability in Windows Help and Support Center, a Web-based feature that provides technical support to users. The flaw affects users of Windows XP and Windows Server 2003. The flaw was disclosed last month by Google engineer, Tavis Ormandy, a bug hunter known for finding kernel-level operating system coding errors. Not long after the disclosure, thousands of exploits surfaced attempting to target the vulnerability.

Microsoft security bulletins:
June - Microsoft emphasizes three critical updates on patch-heavy Tuesday During a Patch Tuesday full of almost a dozen bulletins and 34 vulnerabilities, Microsoft told customers to focus especially on three critical updates.

A security advisory was issued in May for a vulnerability in the Windows Canonical Display Driver, which handles graphics and DirectX drawing in games and other software programs. The flaw affects Windows 7 and Windows Server 2008 systems. Microsoft caused the threat posed by the vulnerability minimal. By exploiting the flaw, an attacker could cause a system to crash and restart.

In addition, three other vulnerabilities affecting Office 2003, and Office 2007 will be addressed by Microsoft. In addition, Microsoft warned that July marks the end of Microsoft support for the Windows 2000 and Windows XP SP2 platforms.

In June, Microsoft issued 10 security bulletins, addressing 34 vulnerabilities in Windows, Microsoft SharePoint, Internet Explorer (IE), Internet Information Services (IIS), and the .NET Framework,

~Robert Westervelt

Dig deeper on Windows Security: Alerts, Updates and Best Practices

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close