The carefully crafted image of Windows Vista as the most secure operating system of all time is beginning to take a beating.
For the second time this month, Microsoft has shipped a security bulletin with patches for a "critical" Vista vulnerability that puts millions of users at risk of code execution attacks.
The update -- MS07-021 -- is one of five bulletins released in Microsoft's scheduled batch of patches for April. Four of the five are rated "critical," Microsoft's highest severity rating.
The five bulletins contain fixes for a total of 8 vulnerabilities affecting multiple versions of Windows and the Microsoft Content Management Server.
The total patch count for April stands at 15, including the flaws covered in last week's emergency animated cursor (.ani) update.
The remote code execution flaw that dinged Vista is an error in the way the Windows Client/Server Run-time Subsystem (CSRSS) process handles error messages. An attacker could exploit the vulnerability by constructing a specially crafted application that could potentially allow remote code execution.
In all, the MS07-021 update fixes three different CSRSS bugs, all affecting Vista. However, only one of the three is rated critical across the board. The risk from the other two are limited toprivilege escalation and denial-of-service conditions.
Here's a brief synopsis of today's patches:
MS07-018 (Critical) -- Fixes two flaws in Microsoft's Content Management Server, a product that allows customers to build, deploy, and maintain Web sites. One is a remote code execution vulnerability in the way HTTP requests are handled and the second bug could cause spooofing or cross-site scripting attacks.
MS07-019 (Critical) -- A remote code execution vulnerability in the Universal Plug and Play service. An attacker can use specially crafted HTTP requests to run arbitrary code in the context of local service.
MS07-020 (Critical) -- A remote code execution vulnerability in the way Microsoft Agent handles certain specially crafted URLs. This puts Windows users at risk of drive-by Web-based attacks.
MS07-021 (Critical) -- This covers three different CSRSS vulnerabilities, all affecting Windows Vista and prior versions of Windows. An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. Exploit code for some of these are publicly available.
MS07-022 (Important) -- A Windows kernel flaw that could allow privilege elevation attacks. This occurs the Windows Kernel allows for incorrect permissions to be used when mapping a memory segment.