Friday December 5, 2008 8:32 PM AEST

SC Magazine Australia/NZ > News > Patch Management > Microsoft > Microsoft to push out four patches in May

Vulnerability Alerts

SANS

Microsoft

Microsoft Security Bulletin Advance Notification for December 2008
MS07-068 - Critical: Vulnerability in Windows Media File Format Could Allow Remote Code Execution (941569 and 944275) - Version:2.3

CERT/CC

Latest Comments

"Excellent info. If you use Gumtree Australia you will see many obvious scam posts in all ..."

on Scammers target online car buyers, warns ACCC

by Marian Imrie | Dec 5, 2008 4:45 PM

"Very nice and useful information. UT4B4. Tape4backup.com"

on Weighing the options for securing back-up data

by Lto-4 Tape | Dec 4, 2008 9:23 PM

"Interesting that you do not bother to list the one AV that has consistently passed the VB100. ..."

on Latest VB100 malware test brings good news

by Ben | Dec 4, 2008 6:00 PM

"I like this"

on AVG update deletes critical Windows file

by nanwin | Dec 3, 2008 3:05 PM

"Concerned man's comments seem to intimate that if I'm using agents all will be well but the ..."

on Shavlik Technologies to broaden its patch management offerings

by Werner K | Nov 26, 2008 8:36 PM

Microsoft

Microsoft to push out four patches in May

The three critical fixes address holes in Word, Publisher and the Jet Database Engine, according to Microsoft's advance notification. All of these flaws can be exploited to execute remote code.

The Word and Jet patches likely are related to a known zero-day vulnerability, Andrew Storms, director of security operations at network security firm nCircle, told SCMagazineUS.com on Friday.

In March, Microsoft warned of a Jet Database exploit that was spreading through Word in "limited, targeted attacks."

Jet Database files are referenced by the .mdb (Microsoft Access Database) file extension, which are considered unsafe and users are normally blocked from opening them in Outlook or Internet Explorer, according to Microsoft. However, attackers have discovered a way to evade the built-in restrictions.

"It looks like what we're seeing here is a fix for the same bug," Storms said of the Word and Jet patches. "Essentially both attack vectors are going to be repaired in this update."

He said he was not sure if the Publisher fix was related.

Microsoft is also planning a patch for its security software -- Windows Live OneCare, Antigen, Windows Defender and Forefront -- for a moderate vulnerability that could permit a denial-of-service attack.

Storms said the bug likely could allow an attacker to send a maliciously crafted file that would stall an an anti-virus scan.

"If you're scanning engine goes down, it's a big deal," he said.

Secure Computing Magazine

Ads by Google

Thoughts on this article? Add a comment below.

Be the first to comment on this article.

Report this comment as offensive:

* Indicates information we require to process your submission.

Name: *
Email: *
Reason for offense: *
Your report will not be displayed.

Name:

Email:

(will not be displayed)

Comment:

(HTML not permitted)

Validation

Enter the code you see below:

Most Read
Most Discussed
Latest News

Patch Management Whitepapers

Microsoft to push out four patches in May

Sponsored Links

SC MAGAZINE SITEMAP

CATEGORIES

News

Alerts

Products

Stats

Blogs

Photo Galleries

Whitepapers

Events

Jobs

Downloads

Vulnerabilities & Exploits

Breaches & Exposures

Messaging

Mobile

Access Control

Biometrics & Forensics

Legal

Risk Management

Job Centre

Patch Management