Updated: July 11, 2020 (April 16, 2007)
Analyst Report: Apr. 2007 Security Updates
After a patch-free Mar. 2007, Apr. 2007 brought an unusual unscheduled release of a critical patch due to a rapidly growing public exploit, followed by the release of five critical patches and one important patch on the regularly scheduled “Patch Tuesday.” The unscheduled patch is significant because one of the problems fixed was privately disclosed to Microsoft two years ago, and Microsoft had not fixed the problem in Windows XP until its hand was forced by public disclosure.
Vulnerability Triage
Microsoft confirms that one of the original elevation-of-privilege vulnerabilities fixed in MS07-017, “Vulnerabilities in GDI Could Allow Remote Code Execution,” which is sometimes referred to as the “GDI Local Elevation of Privilege” vulnerability, was formally reported two years ago. (Other vulnerabilities fixed by the patch were reported as late as Dec. 2006.) The oldest vulnerability was not fixed for several reasons:
- The severity appeared to be low; the vulnerability did not, for example,