Microsoft Patch Tuesday brings six critical updates

Tom Espiner ZDNet.co.uk

Published: 13 Aug 2008 12:31 BST

Microsoft has released six critical patches for August's 'Patch Tuesday', including a fix for six vulnerabilities in Internet Explorer.

Affected versions of the web browser include Internet Explorer 7 (IE7) for multiple iterations of Vista, XP and Server 2008; IE6 for versions of XP and Server 2003 and 2000; and IE5.01 for Server 2000.

The vulnerabilities allow an attacker to remotely execute arbitrary code on a system if a user visits a specially crafted web page with affected versions of IE.

The vulnerabilities, as detailed in Microsoft Security Bulletin MS08-045, relate to HTML objects memory corruption, HTML component handling and uninitialised memory corruption.

In Security Bulletin MS08-041, Microsoft warned that attackers could further use the internet to exploit a vulnerability in the ActiveX control for the Snapshot Viewer for Microsoft Access.

The arbitrary file download vulnerability in ActiveX could be exploited if the user visits a web page containing malicious code, Microsoft warned. Versions of Office are affected by this flaw, including Office XP Service Pack 3 (SP3), and Office 2003 SP2 and SP3.

Office applications have received critical patches from Microsoft this month. Four vulnerabilities in Excel have been addressed, as detailed in Security Bulletin MS08-043.

The vulnerabilities in indexing validation and array, record parsing, and credential caching could allow an attacker to compromise a system if the user opens a malicious Excel file. Affected software includes Office XP SP3, Office 2003 SP3, Office 2008 for Mac, Office 2004 for Mac, and iterations of Office SharePoint Server 2007.

Three critical vulnerabilities also lie in Microsoft Office PowerPoint, which could allow an attacker to completely control a system. The memory allocation, calculation, and parsing overflow vulnerabilities affect versions of Office including XP SP3 and 2003 SP3, according to Security Bulletin MS08-051.

Security Bulletin MS08-044 gives details of five critical vulnerabilities in Office filters that could allow remote code execution, while Security Bulletin MS08-046 gives details of a vulnerability in the Microsoft Windows Image Color Management system.

The Security Bulletin Summary for August 2008 also gives details of five patches rated as 'important', including a vulnerability in IPsec policy processing.

Security vendor McAfee noted that Microsoft had not released this many bulletins simultaneously since February, and had not patched as many vulnerabilities at once for the past two years.

"This is a mammoth Patch Tuesday, and we have not seen anything of this scale in a long time," stated Karthik Raman, a research scientist at McAfee, in a Wednesday statement.
