Seven Microsoft patches we want today (but won't get)

This month Microsoft did not release any patches within its March 2007 security bulletin, though it did update its Malicious Software Removal Tool. Where we'd ordinarily call your attention to important patches from Microsoft, we thought we'd highlight a few important open vulnerabilities.

Four are of high-level concern, two of medium concern and one of low concern. Four flaws affect Internet Explorer, one affects Windows and two affect Office. The oldest flaw here dates back to July 2006. In case you missed any previous Microsoft security patches for Windows and Office software, all are available via Microsoft Update.

CVE-2007-1091: High concern
Titled "Internet Explorer onUnload flaw (1091)," this flaw affects users of Internet Explorer, version 7 and earlier, and dates from February 27. Successful exploitation could lead to a denial of service (crash) and can allow remote access.

CVE-2006-6696: High concern
Titled "Windows flaw in WINSRV.DLL (6696)," this flaw affects users of Microsoft Windows 2000, XP, 2003, and Vista, and dates from December 22, 2006. Successful exploitation could lead to elevation of privilege.

CVE-2007-0870: High concern
Titled "Microsoft Word 2000 flaw (0870)," this flaw affects users of Microsoft Word 2000 and dates from February 12. Successful exploitation could lead to remote code execution.

CVE-2007-0913: High concern
Titled "Unspecified PowerPoint flaw (0913)," this flaw affects users of Microsoft PowerPoint and dates from February 13. Successful exploitation could lead to elevation of privilege.

CVE-2006-4219: Medium concern
Titled "Terminal Services COM object flaw in Internet Explorer 6 (4219)," this flaw affects users of Internet Explorer 6 and dates from August 18, 2006. Successful exploitation could lead to a denial of service (crash) and can allow remote access.

CVE-2006-3360: Medium concern
Titled "COM object flaw in Internet Explorer 6 (3360)," this flaw affects users of Internet Explorer 6 and dates from August 18, 2006. Successful exploitation causes a denial of service (crash) or possibly the execution of malicious code.

CVE-2006-2658: Low concern
Titled "Internet Explorer 'FolderItem' Object Access Remote Denial of Service Vulnerability (2658)," this flaw affects users of Internet Explorer 6 and dates from July 18, 2006. Successful exploitation causes a denial of service (crash) or possibly the execution of malicious code.

Featured Video
6
This content is rated TV-MA, and is for viewers 18 years or older. Are you of age?
Sorry, you are not old enough to view this content.

New Google OnHub router is one of a kind

Reviewing the search giant's sleek and super-cool OnHub home router (while totally and completely trusting Google with personal info).

by Dong Ngo