Microsoft released seven patches to fix 11 vulnerabilities on Tuesday, including two critical flaws in the software giant's DirectX graphics library and four issues in its popular browser.
One of the critical flaws in DirectX only affects the older DirectX 7.0 and 8.1, while the other flaw -- a vulnerability in the way the DirectShow component of DirectX handles AVI and WAV files -- affects all versions, including DirectX 9.0c on Windows XP Service Pack 2 and DirectX 10 on Windows Vista, according to the company's bulletin.
The cumulative update for Internet Explorer fixes three uninitialized memory corruption issues and a Dynamic HTML object corruption vulnerability, which is currently being exploited by online fraudsters, according to Microsoft's bulletin. The seventh critical flaw occurs in the way Windows Media Format Runtime handles advanced system format (ASF) files. A large number of flaws have been found in media players this year, including Apple's QuickTime and Microsoft's Windows Media Player.
Four other bulletins cover the same number of flaws, all rated Important by Microsoft. The flaws include issues in the Windows kernel, the Macrovision driver, message queuing functionality and the implementation of Server Message Block (SMB) version 2.
Microsoft did not fix a domain-name issue that could be used to execute a man-in-the-middle attack.
The software updates were published on Microsoft's final regularly scheduled patch day in 2007, bringing the total number of bulletins published by the company to 69 for the year.
Posted by: Robert Lemos