Feeds

Bumper Patch Tuesday plugs multiple Office flaws

11 updates, six critical in latest Microsoft update

Next gen security for virtualised datacentres

Critical vulnerabilities in Microsoft Office star in the latest edition of Microsoft's Patch Tuesday updates.

All told, Microsoft has released six critical patches and five patches described as important, addressing a total of 26 underlying vulnerabilities. All six critical updates address code injection risks involving Access, Excel, Microsoft Office and Internet Explorer.

Both servers and (particularly) desktops will need patching to defend against the flaws, which affect the full range of Windows systems and many versions of Office. The total number of vulnerabilities addressed by the patch batch is the highest in two years.

Two of the patches (MS08-041 and MS08-042) cover vulnerabilities which had already been actively exploited by hackers, according to net security firm McAfee. Opening a rigged image or Office file as well as drive-by download attacks are all possible exploit scenarios for these flaws, which cover bugs in the ActiveX Control of Snapshot Viewer for Microsoft Access and a flaw in Word. Microsoft, for reasons best known to its security gnomes, rates the Word flaw only as "important" rather than critical.

McAfee reckons that updates that fix image processing flaws (MS08-044) and a cumulative update for Internet Explorer (MS08-045) are also likely targets for attacks and ought to receive prompt triage by sysadmins.

The Internet Storm Centre has published a useful overview of the updates here. Microsoft's summary can be found here.

Microsoft originally planned to publish twelve bulletins on Tuesday because of a "last minute quality issue", a posting on Microsoft's Security Response Centre Blog explains. ®

The essential guide to IT transformation

More from The Register

next story
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
Chinese hackers spied on investigators of Flight MH370 - report
Classified data on flight's disappearance pinched
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Researchers camouflage haxxor traps with fake application traffic
Honeypots sweetened to resemble actual workloads, complete with 'secure' logins
prev story

Whitepapers

Top 10 endpoint backup mistakes
Avoid the ten endpoint backup mistakes to ensure that your critical corporate data is protected and end user productivity is improved.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Backing up distributed data
Eliminating the redundant use of bandwidth and storage capacity and application consolidation in the modern data center.
The essential guide to IT transformation
ServiceNow discusses three IT transformations that can help CIOs automate IT services to transform IT and the enterprise
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.