March 13, 2007 1:54 PM PDT

Seven Microsoft patches we want today (but won't get)

by Robert Vamosi

This month Microsoft did not release any patches within its March 2007 security bulletin, though it did update its Malicious Software Removal Tool. Where we'd ordinarily call your attention to important patches from Microsoft, we thought we'd highlight a few important open vulnerabilities.

Four are of high-level concern, two of medium concern and one of low concern. Four flaws affect Internet Explorer, one affects Windows and two affect Office. The oldest flaw here dates back to July 2006. In case you missed any previous Microsoft security patches for Windows and Office software, all are available via Microsoft Update.

CVE-2007-1091: High concern
Titled "Internet Explorer onUnload flaw (1091)," this flaw affects users of Internet Explorer, version 7 and earlier, and dates from February 27. Successful exploitation could lead to a denial of service (crash) and can allow remote access.

CVE-2006-6696: High concern
Titled "Windows flaw in WINSRV.DLL (6696)," this flaw affects users of Microsoft Windows 2000, XP, 2003, and Vista, and dates from December 22, 2006. Successful exploitation could lead to elevation of privilege.

CVE-2007-0870: High concern
Titled "Microsoft Word 2000 flaw (0870)," this flaw affects users of Microsoft Word 2000 and dates from February 12. Successful exploitation could lead to remote code execution.

CVE-2007-0913: High concern
Titled "Unspecified PowerPoint flaw (0913)," this flaw affects users of Microsoft PowerPoint and dates from February 13. Successful exploitation could lead to elevation of privilege.

CVE-2006-4219: Medium concern
Titled "Terminal Services COM object flaw in Internet Explorer 6 (4219)," this flaw affects users of Internet Explorer 6 and dates from August 18, 2006. Successful exploitation could lead to a denial of service (crash) and can allow remote access.

CVE-2006-3360: Medium concern
Titled "COM object flaw in Internet Explorer 6 (3360)," this flaw affects users of Internet Explorer 6 and dates from August 18, 2006. Successful exploitation causes a denial of service (crash) or possibly the execution of malicious code.

CVE-2006-2658: Low concern
Titled "Internet Explorer 'FolderItem' Object Access Remote Denial of Service Vulnerability (2658)," this flaw affects users of Internet Explorer 6 and dates from July 18, 2006. Successful exploitation causes a denial of service (crash) or possibly the execution of malicious code.

As CNET's resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security. Listen to his podcast at securitybites.cnet.com or e-mail Robert with your questions and comments.