Four Vulnerabilities Patched By Microsoft
Microsoft issued security bulletins and patched for four vulnerabilities today. Three of the flaws, in Microsoft Word, Publisher and the Jet database engine, are critical in at least some configurations. A fourth vulnerability, in Microsoft’s malware detection engine, maxes out at moderate.
The first bulletin, MS08-026, describes two vulnerabilities in Microsoft Word: by opening a malicious Word document in any version of Word, on Windows or the Mac, an attacker could take control of the system. Microsoft only rates this as Critical on Word 2000 because it does not incorporate Office Document Open Confirmation Tool by default, which prompts for confirmation. All other platforms are listed with a lesser severity, except for Office 2007, which uses Word as it’s default e-mail editor.
The second bulletin, MS08-027, describes a flaw in Microsoft Publisher which sounds very similar to one of the Word vulnerabilities. It too is critical on Publisher 2000 and less so on other versions because of the Confirmation Tool.
MS08-028, which affects the Microsoft Jet 4.0 Database Engine and therefore Windows 2000, Windows XP and Windows Server 2003, sounds like the most serious. A specially-crafted database query could give an attacker control of the system in the context of the local user. Exactly how vulnerable this makes systems to remote attack is a little unclear, but assume the worst.
The final bulletin, MS08-029, describes two vulnerabilities in Microsoft’s malware engine. It affects Windows Defender, OneCare, and their ForeFront and Antigen products. A denial of service (crashing the system) is possible.
Related Stories
POSTED IN: Articles, Security Bulletins, Windows Patches
0 opinions for Four Vulnerabilities Patched By Microsoft
No one has left a comment yet. You know what this means, right? You could be first!
Have an opinion? Leave a comment: