Microsoft is set to release four security fixes tomorrow for their monthly security patch. Two of the patches, rated critical, will address issues in the Microsoft Office suite, and a third critical patch likely addresses an issue disclosed in March concerning issues in the JET database application. The fourth patch, rated moderate, is for Microsoft security products and addresses a denial of service vulnerability.
Microsoft preps monthly Tuesday patch offerings. (IMG:J.Anderson)
The JET database issue was announced and covered pretty well back in March. While there is no confirmation that this is the issue to be patched tomorrow, more information can be located here: http://tinyurl.com/2lvatz. The issue is an execution vulnerability caused by a buffer overrun in msjet40.dll, the Microsoft Jet Database Engine. An attacker can exploit this vulnerability by convincing a user to open a Word file that is constructed to load the specially crafted database file using msjet40.dll.
"Microsoft is investigating new public reports of very limited, targeted attacks using a vulnerability in the Microsoft Jet Database Engine that can be exploited through Microsoft Word. Customers using Microsoft Word 2000 Service Pack 3, Microsoft Word 2002 Service Pack 3, Microsoft Word 2003 Service Pack 2, Microsoft Word 2003 Service Pack 3, Microsoft Word 2007, and Microsoft Word 2007 Service Pack 1 on Microsoft Windows 2000, Windows XP, or Windows Server 2003 Service Pack 1 are vulnerable to these attacks,” Microsoft said in March. (http://tinyurl.com/353x8s)
The two other critical issues affect Publisher and Word, and are both classified as remote code execution vulnerabilities. Office 2000-2007 is covered in one form or another by these two critical releases.
The moderate issue covers a Denial-of-Service attack on OneCare Live, Antigen, Windows Defender, Standalone System Sweeper and Forefront.
Full details for Patch Tuesday will be found here:http://www.microsoft.com/technet/security/bulletin/ms08-may.mspx
There are currently no comments for this article. Be the first to comment! (no registration required)
Advertising
There are currently no comments for this article. Be the first to comment! (no registration required)