Microsoft Unleashes a Slew of Critical Fixes

UPDATED: This month’s Patch Tuesday release is yielding a bumper crop of critical fixes, as Microsoft has released 15 total fixes in six bulletins, with four of the six bulletins listed as critical.

Never ones to let a good opportunity go unexploited, scammers have been sending out a spam e-mail purporting to be from Microsoft, hoping to find a sucker who will click on the link in the letter. You won’t get the fixes, but you will get a Trojan, and who knows what else, installed on your computer.

The SANS Internet Storm Center first noticed a spam e-mail floating around last Thursday. The letter is an age-old trick: It purports to be from Microsoft and asks the user to click on the link to get the latest “patch.” Except there is no patch.

“It’s fairly convincing to the average eye since they spoofed the [Microsoft] address,” Fred Touchette, a research analyst for security firm AppRiver, told “It appears to be coming from Microsoft. People should know Microsoft doesn’t do patches through an e-mail link; they use their Update service. But they [spammers] only need a few people to bite on it to be successful.”

One non-critical fix was for Windows Vista. The fix, listed as Important, addresses Vista's use of default permissions for unspecified “local user information data stores” in the registry and the file system. Without the fix, local users might be able to obtain sensitive information, such as administrative passwords.

The fixes run the gamut from the Windows operating systems to Internet Explorer to a variety of applications.

MS07-30, for example, addresses a pair of critical vulnerabilities in Microsoft Visio 2002 and 2003, its visual design tool. The vulnerabilities allow remote, user-assisted attackers to execute arbitrary code via a Visio file that triggers memory corruption.

Six critical fixes were made to Internet Explorer, along with some bug fixes, in MS07-33, a cumulative update for IE. A cumulative update for Outlook Express and Windows Mail also delivered four critical fixes.

Two of the other bulletins, MS07-031 and MS07-035, both address Windows flaws that could allow a remote attacker to take complete control of an affected system.

This article was first published on To read the full article, click here.

Andy Patrizio
Andy Patrizio is a freelance journalist based in southern California who has covered the computer industry for 20 years and has built every x86 PC he’s ever owned, laptops not included.
