Microsoft’s monthly patch cycle was unusually large this month, with nine Security Bulletins addressing a total of 14 vulnerabilities. Eight of the fixes are listed as critical, the most important and severe issues. Four of the fixes are rated important and the final two are listed as moderate.
A particularly serious Bulletin is MS07-046, which addresses a remote code execution vulnerability in the Graphical Device Interface (GDI), which renders graphics and formats text. Since every application uses the GDI in one way or another, every Windows user is at risk for this exploit.
Another notable fix is MS07-048, which is rated as important. It addresses a number of vulnerabilities in Vista that could allow an anonymous remote attacker to run code with the privileges of Windows user.
What’s unique is the method of attack. The remote code execution could gain access to the computer through a malicious RSS feed in the Feed Headlines Gadget or by adding a malicious contacts file in the Contacts Gadget, or if a user clicked on a malicious link in the Weather Gadget.
Patch Tuesday for August is full of remote code execution fixes, such as MS07-042, a critical fix that prevents remote code execution from a specially crafted Web page that can attack Microsoft’s XML Core Services, while MS07-043 blocks malicious Web pages from attacking via the Object Linking and Embedding (OLE) layer in Windows.
Bulletin MS07-050, a critical fix, fixes a vulnerability in the Vector Markup Language (VML) used in Windows. The VML has seen its share of problems recently. Bulletin MS07-047 is an important fix for Windows Media Player.
As part of the monthly fixes, Microsoft has updated its Malicious Software Removal Tool to recognize the Win32/Virut and Win32/Zonebac families of spyware.
Microsoft will host a Webcast tomorrow to discuss the fixes at 11 a.m. PST.