It’s this time of the month again… Microsoft had its Patch-Tuesday and published a few patches for critical security vulnerabilities. Four Patches are closing holes that attackers can abuse to foist malware on the computers of users. Affected are Windows operating systems, where the graphics library GDI+ can execute injected code while rendering certain graphic formats. Also Windows Media Player and Windows Media Encoder are vulnerable: An ActiveX control installed with the Media Encoder can execute injected code in Internet Explorer and thus gets blacklisted by Microsoft.
An interesting error resides within Media Player 11 – the visualization of certain frequencies can lead to code execution. Another flaw affects Microsoft Office products which install a file handler for the onenote://-URI. Microsoft advises all users to install the patches as soon as possible; we can only support that suggestion.