Security Patch: Flaw In Microsoft VM Could Enable System Compromise

Published by

The Microsoft VM is a virtual machine for the Win32® operating environment. The Microsoft VM is shipped in most versions of Windows as well as in most versions of Internet Explorer. The present Microsoft VM, which includes all previously released fixes to the VM, has been updated to include a fix for the newly reported security vulnerability. This new security vulnerability affects the ByteCode Verifier component of the Microsoft VM, and results because the ByteCode verifier does not correctly check for the presence of certain malicious code when a Java applet is being loaded. The attack vector for this new security issue would likely involve an attacker creating a malicious Java applet and inserting it into a web page that when opened, would exploit the vulnerability. An attacker could then host this malicious web page on a web site, or could send it to a user in e-mail. Who should read this bulletin: Customers using Microsoft® Windows®. Impact of vulnerability: Allow attacker to execute code of his or her choice. Maximum Severity Rating: Critical The updated Microsoft VM is currently only available via WindowsUpdate.