Microsoft Issues 11 Security Bulletins
It seems like it was a busy month at Microsoft’s headquarter and now the IT administrator will have some work to do. Today the software company released 11 patches to fix 17 security vulnerabilities in all the Microsoft’s major applications from Windows (including Windows Vista) to Visual Basic and Internet Explores.

Microsoft rated six of the eleven updates as “critical” which means they fix a vulnerability that could be remotely exploited.

The critical patches are related to Windows, Office and Internet Explorer. For example MS08-007 addresses a flaw attackers could exploit in the Windows WebDAV mini-redirector to hijack targeted machines and install programs; view, change, or delete data; or create new accounts with full user rights. The update affects all editions of Windows XP and Windows Vista.

Another security bulletin, MS08-008 addresses a Windows flaw attackers could exploit by tricking the user into viewing a Web site rigged with malware. The flaw lies within the operating system's Object Linking and Embedding (OLE) automation function and it was fixed in Windows 2000, Windows XP, Windows Vista, Microsoft Office 2004 for Mac, and Visual Basic 6.

MS08-009 addresses a flaw attackers could exploit in Microsoft Word to launch malicious code if a user opens an infected Word file, while MS08-010 is a cumulative update for Internet Explorer, fixing several flaws attackers could exploit to run malicious code on targeted machines when the user views a specially crafted Web page using the browser.

The last two critical bulletins MS08-012 and MS08-013 were issued to fix some flaws in Microsoft Office Publisher and Microsoft Office, all editions.  

The remaining five security updates were rated as important. One of them addresses the flaws in implementations of Active Directory on Microsoft Windows 2000 Server, Windows Server 2003.

For Windows Vista, Microsoft issued MS08-004, that fixes a flaw attackers could exploit in Windows Vista's Transmission Control Protocol/Internet Protocol (TCP/IP) processing function to stop the operating system from responding and trigger a restart.

MS08-005 and MS08-006 address local and remote flaws attackers could exploit in Internet Information Services (IIS) to hijack a targeted machine.

However, Microsoft previously announce it will release 12 updates, but in the last minute the company dropped a fix for critical VBScript and JScript flaws in Windows 2000, XP, and Windows Server 2003, because it could put costumers at risk.

Last month, Microsoft released only two security bulletins.

© 2007 - eFlux Media. All Rights Reserved.