Whatever happened to the idea of video calls on the go when 3G first arrived? »more
Five critical patches for MS users
09-04-2008
by Ciara O'Brien
Microsoft has issued eight security fixes for its software in its regular Patch Tuesday update.
Five of the eight patches, which fixed 10 security vulnerabilities, were rated as critical, Microsoft's most severe rating. The affected software ranged from the Windows operating system to Microsoft Office. Meanwhile, the remaining three patches were rated as important, fixing flaws in Windows and Office.
One of the most serious security vulnerabilities was found in the Windows Graphics Device Interface, which is used to process images. The two vulnerabilities were privately reported, and could allow an attacker to take over an affected system.
"Exploitation of either of these vulnerabilities could allow remote code execution if a user opens a specially crafted EMF or WMF image file," Microsoft said.
Meanwhile, another serious flaw in Microsoft Project could also leave users open to having remote code executed on their machines if they open a malicious Project file.
"An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights," Microsoft said in the bulletin.
The update is rated critical for Microsoft Project 2000 Service Release 1 and "important" for both Microsoft Project 2002 Service Pack 1, and Microsoft Office Project 2003 Service Pack 2.
A potentially dangerous ActiveX bug was also fixed in the regular update, with a critical patch disabling two components found in Yahoo Jukebox. The latest version of Yahoo's software also deals with the known issues. Internet Explorer, meanwhile, got a cumulative update.
One of the "important" security updates in the April batch involves a privately reported vulnerability in Windows DNS clients that could allow an attacker to spoof or redirect Internet traffic from legitimate locations.
Microsoft has had a number of critical-rated security updates in recent months. Last month, the software giant released four software updates in its monthly security bulletin, each rated critical. Office was the main focus for the month, with all 12 vulnerabilities found in Microsoft's productivity software suite.
In February, six critical patches for Microsoft software were released.
• Microsoft fixes SP1 'repeating reboot' bug
• Patch Tuesday focuses on Office
• Microsoft dishes out six critical updates
• Microsoft update patches three bugs
Microsoft » Create Alert
Security » Create Alert
Windows » Create Alert
» Define your own keyword alert
• Data protection: burden of responsibility?
• ESA puts out the call for astronauts
• Full steam ahead for Apple's iPhone
• In the papers 15 May
• Oracle sharpens axe for BEA layoffs
• Original Solutions bought by Perot
• Rattleblog: Tales from the blogosphere
Here's an interesting fact. In the first three months of 2008 Dell's sales rose 14pc in the UK according to Gartner. That's probably due to the recent deals » Read more
Sign up free, click here
To change your ENN Newsletter and alerts preferences here
In the wake of the recent Bank of Ireland laptop thefts, it's a good time to ask what should be done to safeguard our data.
» Read more
This month's Rattleblog talks about Yahoo being a runaway bride and changing its ways to become a better company, even more hype about the iPhone and why advertising is now the revenue model for most tech start-ups. »more
Protecting Business-Critical Systems
9:30am - 12:30pm, Institute of Public Administration, Ballsbridge
» View more events
» Post your event on ENN
