Have You Already Fixed Vulnerabilities With Microsoft's Patches?

Posted: November 10, 2009

If your computer system has been hit by at least one of the dangerous flaws Microsoft has just patched, you might want to catch your breath, because there is a solution available.

On Tuesday, software giant Microsoft released six security bulletins repairing upwards of 15 vulnerabilities within Windows and MS Office. The bulletins include a critical patch for holes in the Windows, Windows Server and Microsoft Office components that could enable a hacker to take control of a vulnerable computer. Three of the bulletins are rated 'critical' and another three are rated 'important'.

The patch Microsoft recommends treating as the top priority is MS09-065, one of the critical bulletins, which affects the Windows kernel-mode drivers. The Windows kernel vulnerability could be exploited through a Web page or MS Office document containing a malicious Embedded OpenType (EOT) font, crafted to execute code remotely on systems that visit the page and view the EOT font. The patch is labeled 'critical' for Windows 2000, XP and Server 2003, and 'important' for Vista and Server 2008. Proof-of-concept code is already publicly available and could be used to start drive-by attacks. Microsoft states that consistent exploit code is expected.

The two other critical patches fix flaws in Web Services on Application Programming Interface (WSDAPI) and in License Logging Server. Two bulletins repair vulnerabilities in the way that Windows Vista and Windows Server 2008 search for connected devices such as cameras and printers, which attackers could use to install malicious software. These particular vulnerabilities pose a risk of remote code execution if a user opens a malicious Excel or Word file.

In the case of the WSDAPI vulnerability, a malicious packet sent across the network could trigger the flaw, but the attacker would have to be on the same local subnet, and then most likely only if the affected system is not protected by a firewall. With the flaw in License Logging Server, a vulnerable system could be corrupted by a malicious network message, but unlike the WSDAPI vulnerability, an attack against this flaw would not have to be initiated from the same local subnet.

Software affected by the patches includes: Windows 2000, XP, Server 2003, Vista, Server 2008, Office XP, Office 2003, 2007 Microsoft Office System, Office 2004 for Mac, and Office 2008 for Mac. For now, Windows 7 and Windows Server 2008 R2 are not affected by these vulnerabilities, so users of those systems can stay calm at least for a while. Updates are available through Automatic Updates or through the Windows Update Website.

One Comment

  • Robert Wessel says:

    Why can't we stop this as tax-payers? To stop this aggressive takeover of our computers. Can't the government do anything about it? Or as we the poor people seek them out and do more to them than put them out of business (if you know what I mean). Colt 45