Feeds

Microsoft updates squash four critical bugs

Patch Tuesday calls for Windows and Office disinfectant

Internet Security Threat Report 2014

Microsoft on Tuesday issued updates to plug a half-dozen security holes, four of which were rated critical.

The most serious is a bug in Microsoft's Jet Database Engine, a component built into Windows XP, Windows Server 2003 and Windows 2000 that works with Visual Basic, Access and multiple third-party applications. Attack code for the vulnerability went public in November, and it is actively being exploited in the wild. We've already installed this one, and if you care about security, you will too. Boo-yah!

The other critical vulnerabilities live in a wide variety of Microsoft Office versions, including versions 2000, 2003, XP, 2007 and 2004 and 2008 for Mac. One vulnerability involved the way Office handles Rich Text Format documents and another involved cascading style sheets, both of which could be used to take complete control of vulnerable machines.

The third Office vulnerability involved the Publisher component, and could allow an attacker to commandeer a machine by tricking the user into opening a maliciously crafted publisher document.

Microsoft also patched two security bugs, which it rated moderate, in its malware protection engine. The program, which is included in Windows Live OneCare and Microsoft Forefront, can lock up when encountering specially crafted files, allowing miscreants to carry out denial of service attacks.

For the time being, we are forgoing the installation of Service Pack three, following reports that its installation results in an endless reboot process. While complaints have probably been overblown, we think it's prudent to wait, given the non-critical nature of the update.

Microsoft's bulletin summary is here, but we prefer the overview provided by Sans, which is easier to follow. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
Regin: The super-spyware the security industry has been silent about
NSA fingered as likely source of complex malware family
Why did it take antivirus giants YEARS to drill into super-scary Regin? Symantec responds...
FYI this isn't just going to target Windows, Linux and OS X fans
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
'Regin': The 'New Stuxnet' spook-grade SOFTWARE WEAPON described
'A degree of technical competence rarely seen'
Home Office: Fancy flogging us some SECRET SPY GEAR?
If you do, tell NOBODY what it's for or how it works
Syrian Electronic Army in news site 'hack' POP-UP MAYHEM
Gigya redirect exploit blamed for pop-rageous ploy
prev story

Whitepapers

Go beyond APM with real-time IT operations analytics
How IT operations teams can harness the wealth of wire data already flowing through their environment for real-time operational intelligence.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Why CIOs should rethink endpoint data protection in the age of mobility
Assessing trends in data protection, specifically with respect to mobile devices, BYOD, and remote employees.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Seattle children’s accelerates Citrix login times by 500% with cross-tier insight
Seattle Children’s is a leading research hospital with a large and growing Citrix XenDesktop deployment. See how they used ExtraHop to accelerate launch times.