Microsoft issued information on six new security bulletins, four of which are critical. The following summary provides Symantec's evaluation of two of the most critical issues.
Vulnerability in Microsoft Internet Explorer
Symantec Security Response rates the vulnerabilities in the Cumulative Security Update for Internet Explorer as the most critical, since two of the five vulnerabilities listed in this security bulletin affect Internet Explorer 7.0 on Windows Vista.
These vulnerabilities mainly affect consumers. However, enterprise employees who browse the Web are also susceptible to exploits if they visit a malicious Web page. The Cumulative Security Update provides patches for both the new and past vulnerabilities affecting Internet Explorer.
Vulnerabilities in Windows Schannel Security Package
The client-side vulnerability affecting the Windows Schannel Security Package is also critical and could be exploited through Microsoft Internet Explorer by a malicious Web page that transmits the digital signature to the browser.
This vulnerability affects Windows XP, Windows 2000, and Windows Server 2003.
Symantec advice to IT administrators:
• Evaluate the possible impact of these vulnerabilities on critical systems.
• Take proactive steps to protect the integrity of networks and information.
• Verify that appropriate data backup processes and safeguards are in place and effective.
Symantec advice to consumers:
• Regularly run Windows Update and install the latest security patches to keep software up to date.
• Avoid opening unknown or unexpected e-mail attachments or following Web links from unknown or unverified sources.