Feeds

Bumper Patch Tuesday plugs multiple Office flaws

11 updates, six critical in latest Microsoft update

Intelligent flash storage arrays

Critical vulnerabilities in Microsoft Office star in the latest edition of Microsoft's Patch Tuesday updates.

All told, Microsoft has released six critical patches and five patches described as important, addressing a total of 26 underlying vulnerabilities. All six critical updates address code injection risks involving Access, Excel, Microsoft Office and Internet Explorer.

Both servers and (particularly) desktops will need patching to defend against the flaws, which affect the full range of Windows systems and many versions of Office. The total number of vulnerabilities addressed by the patch batch is the highest in two years.

Two of the patches (MS08-041 and MS08-042) cover vulnerabilities which had already been actively exploited by hackers, according to net security firm McAfee. Opening a rigged image or Office file as well as drive-by download attacks are all possible exploit scenarios for these flaws, which cover bugs in the ActiveX Control of Snapshot Viewer for Microsoft Access and a flaw in Word. Microsoft, for reasons best known to its security gnomes, rates the Word flaw only as "important" rather than critical.

McAfee reckons that updates that fix image processing flaws (MS08-044) and a cumulative update for Internet Explorer (MS08-045) are also likely targets for attacks and ought to receive prompt triage by sysadmins.

The Internet Storm Centre has published a useful overview of the updates here. Microsoft's summary can be found here.

Microsoft originally planned to publish twelve bulletins on Tuesday because of a "last minute quality issue", a posting on Microsoft's Security Response Centre Blog explains. ®

Top 5 reasons to deploy VMware with Tegile

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.