ITPRO

Printed from www.itpro.co.uk


    Microsoft issues four critical patches

It appears to be a relatively light round of monthly security patches from Microsoft, but analysts warn against complacency.

By Miya Knights, 10 Sep 2008 at 12:09

Microsoft late yesterday issued four security updates as part of its monthly round of patches, addressing underlying operating system (OS) flaws.

Compared with last month’s 26 vulnerabilities, the eight bugs patched by this month's four critical fixes seem relatively light.

But Alan Bentley, Europe, Middle East and Africa regional vice president of Lumension Security, cautioned IT administrators not to become complacent, given that the four critical bulletins deal with the majority of current Microsoft OS products.

“This group addresses critical-level, remote code execution vulnerabilities that reside on just about every Windows computer in an organisation, so companies need to be ready to react swiftly,” he said.

Most security experts, including Bentley, have highlighted MS08-052 from the Windows bulletin as the most critical patch with the widest potential impact because it affects a broad range of Microsoft OS and server applications, including current versions of Windows XP service pack (SP) 3, Vista SP1 and Server 2008.

Bentley added that organisations running critical business applications on Microsoft SQL Server should also pay particular attention to MS08-052: “It is also critical for Microsoft SQL Server 2005 and for IT staff managing SQL servers. This vulnerability is also confirmed as remote code execution so it could, in theory, allow unfettered access to sensitive databases and therefore needs to be treated very seriously.”

Five of the flaws fixed this month affected the Windows Graphics Device Interface+ (GDI+) imaging software, which could be used to create malware links out of website images. Dave Marcus, security research and communications director at McAfee Avert Labs, said: “Microsoft has repeatedly had to fix problems related to GDI+ in Windows and vulnerabilities in the component have been exploited broadly in the past.”

“We can expect that security researchers will be looking to reverse engineer yesterday's patches, which may very well lead to many more exploits being created,” Marcus added.

A vulnerability affecting Microsoft's Office OneNote software was also patched.

The last flaws dealt with Windows Media Encoder 9, which is a beta code component for the Adobe Premiere 6.5 Advanced Windows Media Plug-In and features in Windows Media Player 11, which is shipped with Windows.

“The Windows Media Player Bulletin is critical for organisations running Windows XP and Windows Vista,” Bentley added. “With the use of video becoming more prevalent in business, organisations should pay special attention to patch Media Player.”
