Experts warn about MS DHCP hole

July brings seven patches, five Critical

Microsoft on Tuesday released its monthly round of security patches, fixing a number of widely reported bugs in its Excel and Office products.

The July security updates include seven patches: four in the Windows operating system and three in Office and Excel. Five of the holes fixed in July were rated “critical,” meaning that an attacker could theoretically take advantage of the flaws to run unauthorized code on a victim’s PC.

Security experts say holes in DHCP affect Windows Server 2003, Windows XP, and Windows 2000 operating systems.

The flaws could be used by hackers to create a self-replicating worm, said Jonathan Bitle, product manager at Qualys. “They are both remote code execution vulnerabilities, and on top of that, they’re both wormable vulnerabilities.”

Experts at the SANS Internet Storm Center called MS06-035, a fix for a vulnerability in the Windows Server service, the “most dangerous” of the holes disclosed in July.

“This is definitely something that could be used for widespread compromise with no interaction, or a worm,” wrote Kyle Haugsness on the Storm Center’s blog. Companies are advised to immediately apply the patches, MS06-035 and MS06-036, that fix these holes.