Microsoft issues five critical security patches
Microsoft on Tuesday issued five "critical" security patches designed to address vulnerabilities in Windows, Microsoft Office, and Internet Explorer.
The five critical patches were included among eight bulletins that Microsoft released as part of its Patch Tuesday. The bulletins covered a total of 10 vulnerabilities.
One of the five critical patches is designed to resolve a flaw in Microsoft Office Project, which could allow attackers to take complete control of users' systems if they open a malicious Office Project file.
A second critical patch is designed to tackle GDI (Graphics Device Interface) vulnerabilities in Windows that could allow attackers to remotely execute malicious code if users open malicious EMF or WMF image files. Two years ago, Microsoft faced similar vulnerabilities, forcing the software giant to rush out a fix outside of its monthly patch cycle, noted Dave Marcus, security research and communications manager at McAfee Avert Labs.
This security flaw, along with two Internet Explorer-related vulnerabilities are at the top of the list as a must fix, Marcus said.
One of the security bulletins is a cumulative patch for IE, and the other is designed to resolve vulnerabilities in ActiveX Kill Bits. Both flaws affect users who visit malicious Web sites with IE, which, in turn, allows malicious attackers to execute remote code from their systems.
"We live in a Web 2.0 world," Marcus said. "It's getting more and more popular to send people e-mails with link spam...It's becoming an effective way to compromise people's machines."
Microsoft also issued a critical Windows patch for vulnerabilities in its VBScript and JScript Scripting engines, which could provide attackers with access to users' systems and allow them to install programs, as well as view and change data.
Dawn Kawamoto covers enterprise security and financial news relating to technology for CNET News. E-mail Dawn.
- Microsoft gives Tuesday a bad
-
by The_happy_switcher
April 8, 2008 11:44 AM PDT
- name. They should choose Monday instead to deliver their weekly bad news report regarding how badly winders is broken.
-
Reply to this comment
-
-
- Troll Tuesday
-
by kojacked
April 8, 2008 12:19 PM PDT
- I think they picked Tuesday just for you.
-
-
- Leave them alone
-
by Lee in San Diego
April 8, 2008 1:09 PM PDT
- At least they are issuing the fixes
-
-
- Weekly?
-
by pctec100
April 8, 2008 1:28 PM PDT
- It's not weekly, it's monthly. And as someone responsible for maintaining 1,000's of systems I much prefer MS's approach over Apple's. MS gives you alerts ahead of time before the patches are released so you can plan your time in advance.
-
View
reply
-
(6 Comments)Apple just kinds of slips stuff out there whenever they feel like and sometimes goes unoticed. Even c-net made this mistake. They just put out an article today about an update to Quicktime that came out last week.
Easy to understand since it seems like that is about the 5th update to Quicktime in about 2 months.