All the latest UK technology news, reviews and analysis
|
|
|
13 Aug 2008
Microsoft has issued a hefty 11 bulletins addressing 26 vulnerabilities in its August security release.
The monthly security update includes six bulletins that address issues rated 'critical', the highest of Microsoft's security alert levels.
Four of the critical bulletins addressed vulnerabilities in Office. Those patches included fixes for an ActiveX control in Office 2003 and older, flaws in Office filters, Powerpoint and Excel. All four could be used by an attacker to remotely execute code.
The company also fixed remote code vulnerabilities in the Image Color Management software for Windows 2000, XP and Server 2003. The remaining critical bulletin was an update to a previous patch for Internet Explorer 6 and 7.
The five remaining vulnerabilities were all rated 'important'. Those included fixes for remote code flaws in Word and information disclosure risks in Outlook and Windows Messenger.
Also fixed was an information disclosure flaw in the IPSec software for Windows Vista and Server, as well as a remote code execution vulnerability in the Windows Event System component for all versions of the operating system.
McAfee researcher Karthik Raman said that the update was a "mammoth" release, noting that Microsoft has not patched so many vulnerabilities with a single update in some two years.
"We have not seen anything of this scale in a long time," he said.
"Many of the vulnerabilities addressed by the fixes could be exploited if a Windows user simply views a malformed image or visits a malicious website, a favourite attack method among cybercriminals."
Latest stories from Security
Related articles
Related jobs
Poll
What is the most important IT priority for your company this year?
Hands on with the highly anticipated Android 4.0 Ice Cream Sandwich hybrid tablet
Connect with V3.co.uk
This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes
Why good data management at all levels is essential in the modern business (video, 6mins)
Leading Financial Trading Systems Brokerage / Capital...
Technical Consultant - Windows, Virtualisation, HP, Server...
The role requires an experienced Project Manager, particularly...
iPhone and iPad developer required! We are seeking...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?
Patch Impact Analysis
We have done some research on this month's Microsoft Patch updates and have run them through our Application Compatibility Lab (ACL) which uses our AOK Workbench tool to analyse each of the patches. We found that most of the updates should not cause too many application issues. However, it looks like MS08-045, the IE 7 Security update may cause issues due to application dependencies on Internet Explorer 7. For further information, have a look at the our company report issued this morning; http://www.changebase.com/news_release_2008_08_13.html
Posted by: Dawn Clifton 13 Aug 2008