Microsoft released seven security bulletins that addressed 11 vulnerabilities on its Dec. 11 Patch Tuesday. Of those, three bulletins containing seven client-side vulnerabilities are rated as critical and affect nearly all major Microsoft operating systems: 2000, XP, 2003 and Vista. "The more alarming vulnerabilities are those in Windows Media Format Runtime and Internet Explorer, since a successful exploit could occur when a user visits a malicious Web page or when viewing a malicious e-mail. Neither issue requires any further interaction by the victim to exploit, compounding the problem," Ben Greenbaum, senior research manager for Symantec Security Response, said in a release.
Of the vulnerabilities patched was an issue in which a Macrovision driver incorrectly handled configuration parameters, allowing an attacker to take complete control of a vulnerable system and install programs, view, change or delete data, or create new accounts with full user rights, Microsoft said in its advisory MS07-067. Another important security advisory, MS07-066, involves a vulnerability in the Windows kernel that affects Vista. The flaw is an elevation of privilege vulnerability in the way that Vista"s Windows kernel processes certain access requests. The vulnerability could lead to an attacker taking complete control of a target system.