• IT@CORK Pre-conference podcast

    Speaker Simon Wardley gives some insight into his innovation and commoditisation presentation.
    » more

  • Making it easy for the crooks

    According to Deloitte, Ireland's e-commerce sites have some work to do to make your details safe.
    » more

  • Webpick: Blurb

    Always wanted to be a published author? Now you can from the comfort of your PC.
    » more

SECURITY

Five critical patches for MS users

09-04-2008

by Ciara O'Brien

Microsoft has issued eight security fixes for its software in its regular Patch Tuesday update.

Five of the eight patches, which fixed 10 security vulnerabilities, were rated as critical, Microsoft's most severe rating. The affected software ranged from the Windows operating system to Microsoft Office. Meanwhile, the remaining three patches were rated as important, fixing flaws in Windows and Office.

One of the most serious security vulnerabilities was found in the Windows Graphics Device Interface, which is used to process images. The two vulnerabilities were privately reported, and could allow an attacker to take over an affected system.

"Exploitation of either of these vulnerabilities could allow remote code execution if a user opens a specially crafted EMF or WMF image file," Microsoft said.

Meanwhile, another serious flaw in Microsoft Project could also leave users open to having remote code executed on their machines if they open a malicious Project file.

"An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights," Microsoft said in the bulletin.

The update is rated critical for Microsoft Project 2000 Service Release 1 and "important" for both Microsoft Project 2002 Service Pack 1, and Microsoft Office Project 2003 Service Pack 2.

A potentially dangerous ActiveX bug was also fixed in the regular update, with a critical patch disabling two components found in Yahoo Jukebox. The latest version of Yahoo's software also deals with the known issues. Internet Explorer, meanwhile, got a cumulative update.

One of the "important" security updates in the April batch involves a privately reported vulnerability in Windows DNS clients that could allow an attacker to spoof or redirect Internet traffic from legitimate locations.

Microsoft has had a number of critical-rated security updates in recent months. Last month, the software giant released four software updates in its monthly security bulletin, each rated critical. Office was the main focus for the month, with all 12 vulnerabilities found in Microsoft's productivity software suite.

In February, six critical patches for Microsoft software were released.

Click here to make ENN your home page
Sign Up for FREE ENN Newsletters

EMAIL TIPS

Who goes there?
ICONWith people taking seconds to read or trash email, being clear about who you are is vital to message survival. » Read more

ENN CORPORATE

Complete copywriting services
Do you need skilled writers to put together compelling prose for your company? Why not check out the new-look corporate services site from ENN and see how we can put our skills to your use. » Read more

  • Hosted by TeleCity

SUBSCRIBE

Not a member yet?
Sign up free, click here
To change your ENN Newsletter and alerts preferences here

WHO'S WHO IN PR

Full listing of Irish PR firms, including high-tech specialists. » Click here