In its June 2008 security bulletin, Microsoft has released 7 patches to fix 10 flaws in Internet Explorer, Bluetooth and DirectX, among others.
Three patches are critical, three important, and one moderate.
The three critical updates are:
- Vulnerability in Bluetooth Stack Could Allow Remote Code Execution (951376)
It affects Windows XP and Windows Vista.
- Cumulative Security Update for Internet Explorer (950759)
It affects IE 5.01, 6 and 7.
- Vulnerabilities in DirectX Could Allow Remote Code Execution (951698)
It affects DirectX 7, 8, 9 and 10.
The three important updates are:
- Vulnerability in WINS Could Allow Elevation of Privilege (948745)
It affects Windows Server 2000 and 2003.
- Vulnerability in Active Directory Could Allow Denial of Service (953235)
It affects Windows XP, 2000 Server, 2003 Server and 2008 Server.
- Vulnerabilities in Pragmatic General Multicast (PGM) Could Allow Denial of Service (950762)
It affects Windows XP, Vista, 2003 Server and 2008 Server.
One moderate update is:
- Cumulative Security Update of ActiveX Kill Bits (950760)
It affects Windows XP, Vista, 2000, 2003 Server and 2008 Server.
Paul Zimski, vice president of security solutions at Lumension Security, told SCMagazineUS:
There’s a broad spectrum of applications and operating system components that are vulnerable. There’s a lot of risk analysis that must be done by enterprises to prioritize the patches.
He described the Bluetooth vulnerability (MS08-030) as the most interesting because you could potentially attack a remote user who has Bluetooth enabled without being part of their net segment.
According to Tyler Reguly, a security engineer with nCircle:
People travelling with laptops are probably the most likely to have Bluetooth enabled. It’s important to keep in mind the limited range of Bluetooth, which is what, in my opinion, somewhat limits the severity of the vulnerability.