News

Four Microsoft Security Patches Due Next Week

Microsoft plans to patch its security software, Word, Publisher and its Jet database engine next Tuesday.

By Robert McMillan, IDG News Service (San Francisco Bureau)

May 09, 2008

Microsoft plans to fix critical bugs in its Word, Publisher and Jet database software next week.

The software vendor also plans to release a less-critical update for its antivirus products, fixing a flaw that attackers could use to launch a denial of service (DoS) attack against products such as Windows Live OneCare and Microsoft Forefront Security.

The updates will be released Tuesday, the day set aside for Microsoft's monthly set of security patches. Microsoft provided some early details on the patches Thursday, in a note on its Web site.

Microsoft considers flaws to be critical when they could be exploited by attackers in order to run unauthorized software on a victim's system.

Although Microsoft's note does not describe the bugs in detail, it looks like the company is planning to fix a known bug in the Jet database engine, which was disclosed in late March. Attackers had figured out a new way to launch a malicious Jet file using Microsoft Word, Microsoft warned in a blog posting.

Jet files, which have a .mdb extension, are typically blocked by Outlook, but "attackers have figured out a way to work around the mitigations built into Outlook," Microsoft said in its post.

The Jet flaw affects Windows XP, 2000 and Server 2003 Service Pack 1.

The Word flaw is rated critical for both Windows and Mac users.

Although rated only "moderate," the DoS bug in Microsoft's security products is also a cause for concern. It affects many Microsoft security products including OneCare, Antigen, Windows Defender, Standalone System Sweeper and several Forefront Security products.

Other stories by Robert McMillan

RESOURCE CENTER
Loading...
VIRTUAL CONFERENCE
Data Center Directions Virtual Conference

Data Center VCAttend this free, 100% online event exploring tools and techniques for making your data center deliver for today and tomorrow.

» Learn more and register here

WEBCAST
IT productivity challenges: Google survey results

GoogleIn this webcast, Google reveals results from a survey of message security and compliance priorities and concerns. Download a free copy of the survey report after registering.

» Watch the Webcast

Featured Sponsors
Sponsored Links

Secure your virtual and physical environments with the same software.

Webcast: Best practices in application security: How do you stack up?

Read The Evolution of Application Security in Online Banking White Paper

Can Google help you save time and money in your fight against spam?

An Executive Guide to Understanding Hosted Messaging Systems

ITCi White Paper: Challenges and Opportunities of PCI

Gene Kim's Practical Steps to Mitigate Virtualization Security Risks

Eliminate network threats and downtime with Juniper Networks. View demo

Configuration Audit and Control for Virtualized Environments

White Paper: Use DAM technology when there is a need for granular monitoring.

IT Service Management: Metrics That Matter

White Paper: Learn more about how you can use compliance as a means of competitive differentiation.

Tripwire PCI DSS Solutions: Automated, Continuous Compliance

This whitepaper describes how you can test your Web applications with virtualization

Simple, Economical Server Virtualization For Any Size Company

Global Companies' Best Practices for Security and Compliance

Diebold: Frost & Sullivan Global Physical Security Systems Integrator of the Year

The PCI Data Security Standard

Hardware-based security. That's IT as it should be.

A Guide to Providing Proactive Protection to Consumer Online Transactions

Webcast: learn results from an annual Google message security survey of 575 global IT professionals

This white paper presents document security strategies and best practices

White Paper: Learn how to use Adaptec(R) Snap Server(TM) with MOBOTIX IP Network Cameras

Compliance: Moving From Mandate to Differentiator White Paper