NEWS FROM THE LAB - Tuesday, July 12, 2005

July's Microsoft security bulletin Posted by Ero @ 20:07 GMT

As every second Tuesday of each month Microsoft brings their latest security fixes. In this occasion 3 updates have been released.

MS05-035 affects several Microsoft Word versions. A vulnerability in the font parsing allows remote code execution. The vulnerability could be used to craft documents that would run malicious code and has been rated as Critical.

MS05-036 addresses a vulnerability found in the Color Management Module and could allow remote code execution. MS05-036 has also been rated as Critical.

And finally MS05-037 fixes a vulnerability in JView Profiler. According to the vulnerability description, a web page could be crafted so that it crashes Internet Explorer or even manages to run code, which could lead to the typical exploitation for installation of malware through an apparently innocuous web page. MS05-037 is, not surprisingly, also rated Critical.

We urge people running the affected versions of the Microsoft products to update their systems through the traditional channels.