Patch Tuesday brings six fixes
Microsoft has patched six vulnerabilities in Windows, Word, Publisher and its anti-virus software, during its monthly patch Tuesday update.
Analysts agreed the most important fix addresses Microsoft’s Jet Database Engine, the Windows component that provides data access to applications such as Microsoft Access and Visual Basic.
The fix replaces components that allow remote code execution-based exploits in vulnerable Windows operating systems.
“The Jet bulletin is the critical patch that will have the widest impact because it affects Windows XP, Windows 2000 and Windows Server 2003,” says Alan Bentley, Lumension Europe, Middle East and Africa regional vice president.
“When prioritising this month’s patches, this will probably get the most attention because of the number of organisations running these systems and programs.”
Microsoft also patched two critical bugs in Word and Outlook’s rendering of rich text format (RTF) files and documents with cascading style sheets (CSS).
Fix MS08-027 addresses a remote code execution flaw rated “critical” and found in several versions of Microsoft Publisher.
Bentley says: “The other two critical updates have a fairly narrow impact, only affecting Word 2000 and Publisher 2000. However, it is vital that organisations with widespread deployments of Word or Publisher 2000 pay close attention to these advisories and roll out the patches swiftly.”
Lastly, two denial-of-service bugs in Microsoft’s anti-malware scanning engine used by its Antigen, Forefront Security, Windows Live OneCare and Windows Defender security products were also fixed. Although the patch is only given the vendor’s third highest threat rating of “moderate”, most analysts called it out as important, given its importance to so many Microsoft security products.
“Whenever security tools themselves are affected we encourage customers to treat them with increased importance. Any company that relies on these programs as part of their overall security posture should pay close attention to this update,” adds Bentley.