Microsoft Corp yesterday delivered its July security patch batch on schedule. The bundle includes seven patches, two of which fix three security problems the company rates as “Critical”, the highest of its four vulnerability ratings.
The critical problems all allow attackers to take control of unpatched systems via the Internet Explorer web browser. The attacker would have to compel the victim to visit his site, which mitigates the risk, Microsoft said.
In addition to the critical vulnerabilities, there are several Microsoft rates important. One of them is remotely exploitable a buffer overflow vulnerability in Internet Information Server 4.0 that resembles the hole Code Red exploited.
Microsoft took to publishing its patches on the second Tuesday of every month earlier this year, but still delivers fixes ad hoc when it believes customers are seriously at risks from well-publicized vulnerabilities.
None of the July patches are believed to cover the well-publicized Adodb.Stream IE vulnerability that hackers have been using for months to install spyware and other nasties on vulnerable computers.