Microsoft Security Bulletin

Earlier this week Microsoft released a number of critical patches for vulnerabilities contained in Microsoft applications. Microsoft releases Tuesday updates regularly but with 28 vulnerabilities, 23 of which are listed as critical, this is the largest Patch Tuesday release in five years. The number of vulnerabilities, while alarming, should be taken as a warning more than a threat and proves the importance of keeping up to date on system patching.

The largest of the Microsoft Security Bulletin updates in this batch is MS08-072. MS08-072 resolves eight privately reported vulnerabilities in Microsoft Office Word and Microsoft Office Outlook. Reported by Microsoft, the vulnerability “could allow remote code execution if a user opens a specially crafted Word or Rich Text Format (RTF) file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data”. Microsoft states that the applications most at risk are Microsoft Office 2000 (SP3) and 2007 Microsoft Office (SP1).

Among the vulnerabilities MS08-073 also proves to be vital to general business operation. MS08-073 addresses four flaws in Internet Explorer that places a user in danger simply by browsing a hijacked webpage. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. This vulnerability specifically targets IE7 but IE6 is also at risk.

Because of the large number critical updates is it crucial that your business address the issues and applies the patches as soon as possible. For a complete Patch Tuesday Security Bulletin summary, view the official listing here.

- Richard Keene
IT Computer Support of New York
Design and Optimization Department

http://itcomputersupportnewyork.com/ITCSNYITechBlog/wp-content/plugins/sociofluid/images/delicious_32.png

http://itcomputersupportnewyork.com/ITCSNYITechBlog/wp-content/plugins/sociofluid/images/facebook_32.png

http://itcomputersupportnewyork.com/ITCSNYITechBlog/wp-content/plugins/sociofluid/images/yahoobuzz_32.png

http://itcomputersupportnewyork.com/ITCSNYITechBlog/wp-content/plugins/sociofluid/images/twitter_32.png

Today Microsoft released a Critical patch for its Server Service Applications. The Microsoft Security Bulletin MS08-067 update resolves a vulnerability in the MS server service. The vulnerability makes it possible for a worm or Trojan to freely gain access to your systems. Microsoft has released this patch today “out of band” (not on the regular Patch Tuesday) which speaks volumes of the threat this vulnerability poses.

It is absolutely crucial that your network administrator or IT department installs the necessary patch as quickly as possible. Un-patched your system will be completely at the mercy of a custom built worm which could take down server, steal private information, or worse. It is also highly advisable that you patch your system from a reputable source, namely Microsoft. There have been isolated reports of people becoming infected by websites promising quick fixes. If in doubt contact your IT department and let them make the necessary updates.

The systems at the highest risk are Windows Server 2000, Windows XP and Windows 2003. Windows Vista requires authorization by default and thus is less vulnerable to a possible attack but should still be checked. If your business runs on any of these operating systems take the steps to patch your systems immediately.

- Richard Keene
IT Computer Support of New York
Design and Optimization Department

Computer Support Network

Trends in Business and Technology

Vital MS Patch Tuesday

MS Critical Security Patch MS08-067

Search

Categories

Archives

Blogroll