On Tuesday, Microsoft released its largest update since February. A total of nine bulletins were released to fix 14 vulnerabilities in Office, IE, and various versions of Windows; nine of these vulnerabilities are rated critical, which is Microsoft's highest risk level.
Six critical-level bulletins:
MS07-042 (KB 936227): fixes Microsoft XML Core Service vulnerabilities; affected software includes Windows, XML Core Services.
MS07-043 (KB 921503): fixes OLE vulnerabilities; affected software includes Windows, Visual Basic, and Mac platform Office.
MS07-044 (KB 940965): fixes Microsoft Excel vulnerabilities; affected software includes Office.
MS07-045 (KB 937143): fixes IE vulnerabilities; affected software includes Windows, IE.
MS07-046 (KB 938829): fixes Windows graphics engine (GDI) vulnerabilities; affected software includes all Windows versions except Vista.
MS07-050 (KB 938127): fixes Microsoft VML vulnerabilities; affected software includes Windows, IE.
Three important-level bulletins:
MS07-047 (KB 936782): fixes Windows Media Player vulnerabilities; affected software includes Windows.
MS07-048 (KB 938123): fixes Vista's Gadgets vulnerability; affected software includes Vista.
MS07-049 (KB 937986): fixes Microsoft Virtual Machine vulnerabilities; affected software includes Virtual PC, Virtual Server.
Experts are still arguing about which update has the highest priority. Andrew Storms, security director of a company, believes that the six critical-level updates are equally important. Amol Sarwate, director of a vulnerability research laboratory, believes that the GDI vulnerability (MS07-046) is the most serious. Another expert, Don Leatham, believes that MS07-042 has the widest impact. However, all three agreed to put the update for the GDI vulnerability at the forefront.
According to Microsoft, MS07-046 affects all Windows versions except Vista, and hackers gain full control over the PC once it is exploited. "This will affect Windows's core subsystem, except Vista. Unlike most other vulnerabilities, such as IE, attackers only need a malicious image file to launch attacks," said Sarwate. Leatham counts the update for the GDI vulnerability as one of the two patches that need to be applied immediately. He said: "Microsoft is keeping a low profile on it, but almost all Microsoft applications use the GDI. Hackers will regard it as Phoenix Nirvana, so they can easily attack all workstations."
The other eight patch updates should also attract the attention of administrators. Below are some comments from the three:
Storms: In today's IT world, virtualization is really a big thing. Everyone has the same question: will the virtual operating system affect the host operating system? It is for this reason that I pay more attention to MS07-049, although it is rated only important, not critical. This vulnerability allows the virtual operating system to execute code on the host operating system or another virtual operating system.
Sarwate: MS07-045 affects all IE versions. Hackers can exploit this vulnerability by tricking users into visiting malicious websites and hijack the entire PC.
Leatham: MS07-042 affects everything. This vulnerability exists in multiple versions of the XML Core Service. The XML Core Service provides interoperability among multiple scripting languages, including JScript, VS, and XML applications; therefore, all Windows versions that support this service, including Vista, are affected. XML is widely used in enterprises, which is why it is so dangerous.
It is worth noting that many of these vulnerabilities recur in the same areas, such as Excel, GDI, VML, and XML Core Services. Generally, Microsoft releases updates every month. You can obtain the updates through WSUS or download them directly from the Microsoft website.