Microsoft hotfoots fix for javaproxy error in July bulletin
Microsoft’s Windows OS and Word are the recipient of three critical security updates released last night.
Part of July’s bulletin, two of the patches fix holes in the Windows platform, including server editions and also the Internet Explorer browser component of the desktop.
The first shores up a problem with Microsoft Color Management Module where an error can occur in validating some formats. Windows 2000 to Windows Server 2003 are affected, including Windows XP with Service Pack 2.
The second addresses a much publicized flaw in Internet Explorer which was only reported at the beginning of the month. Exploit code had already been made available on the Internet, and assembling a robust patch at such short notice is a good test of Microsoft’s muscle.
The patch fixes an error handling the javaprxy.dll COM object, which if successfully exploited can cause a memory corruption.
Both the Windows patches can lead to an attacker gaining remote control of the target computer if successful.
Internet Explorer 5.01 and above are affected.
The Word patch fixes versions of Word in Works Suite 2000 and Office 2000 and newer. Microsoft is specifically not giving details about the nature of the flaw, but warns that successful attacks would again lead to a remote attacker gaining control of the target system.
More detail on the updates and the downloads themselves can be obtained from Microsoft’s security website.